FBI warns of Handala hackers using Telegram in malware attacks

The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country's Ministry ...

New KB5085516 emergency update fixes Microsoft account sign-in

Microsoft has released an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across ...

CISA orders feds to patch DarkSword iOS flaws exploited attacks

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit.

VoidStealer malware steals Chrome master key via debugger trick

An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Microsoft Azure Monitor alerts abused for callback phishing attacks

Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft ...

How CISOs Can Survive the Era of Geopolitical Cyberattacks

Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must ...

Critical Microsoft SharePoint flaw now exploited in attacks

A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and ...

Microsoft: March Windows updates break Teams, OneDrive sign-ins

Microsoft says the March Windows 11 update breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including ...

Max severity Ubiquiti UniFi flaw may allow account takeover

Ubiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow ...

New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores

A newly disclosed vulnerability dubbed 'PolyShell' affects all Magento Open Source and Adobe Commerce stable version 2 ...

Ex-data analyst stole company data in $2.5M extortion scheme

A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data ...