Threatpost

A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.

The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell. 

More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

The U.S. Department of Justice indicts middle-aged doctor, accusing him of being a malware mastermind.

Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.

Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.

Microsoft's May Patch Tuesday update is triggering authentication errors.

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.