FBI warns of Handala hackers using Telegram in malware attacks

The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country's Ministry ...

New KB5085516 emergency update fixes Microsoft account sign-in

Microsoft has released an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across ...

Microsoft Exchange Online service change causes email access issues

Microsoft is working to address an ongoing service issue that has intermittently prevented some users from accessing their ...

VoidStealer malware steals Chrome master key via debugger trick

An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and ...

CISA orders feds to patch DarkSword iOS flaws exploited attacks

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit.

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

FBI seizes Handala data leak site after Stryker cyberattack

The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Microsoft Azure Monitor alerts abused for callback phishing attacks

Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft ...

CISA orders feds to patch max-severity Cisco flaw by Sunday

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity ...

How CISOs Can Survive the Era of Geopolitical Cyberattacks

Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must ...

New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores

A newly disclosed vulnerability dubbed 'PolyShell' affects all Magento Open Source and Adobe Commerce stable version 2 ...