Security News

Filter by:

Windows SmartScreen flaw exploited to drop Phemedrone malware

A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. [...]
Bleepingcomputer 16 Jan 2024 915 Views

CISA: Critical Microsoft SharePoint bug now actively exploited

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.
Bleeping Computer 15 Jan 2024 1149 Views

Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.
The Hacker News 15 Jan 2024 1389 Views

Framework discloses data breach after accountant gets phished

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. [...]
Bleepingcomputer 12 Jan 2024 1321 Views

Cisco says critical Unity Connection bug lets attackers get root

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.
Bleeping Computer 11 Jan 2024 1340 Views

Ivanti warns of Connect Secure zero-days exploited in attacks

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways.
Bleeping Computer 11 Jan 2024 1555 Views

Apache OFBiz zero-day pummeled by exploit attempts after disclosure

SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. [...]
The Register 9 Jan 2024 5467 Views

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.
Bleeping Computer 8 Jan 2024 1432 Views

X users fed up with constant stream of malicious crypto ads

Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams.
Bleeping Computer 8 Jan 2024 1472 Views

Hackers hijack govt and business accounts on X for crypto scams

Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers. [...]
Bleepingcomputer 5 Jan 2024 1204 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY