Threatpost

The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks.

Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.

A sophisticated threat actor has hijacked email security connections to spy on targets.

The BumbleBee web shell allows APT attackers to upload and download files, and move laterally by running commands.

Adobe issued patches for seven critical arbitrary-code-execution flaws plaguing Windows and MacOS users.

Europol announced a wide-ranging investigation that led to the arrest of the alleged DarkMarket operator and the seizure of the marketplace's infrastructure, including more than 20 servers.

Researchers informed organization of a flaw that exposed GitHub credentials through the organization’s vulnerability disclosure program.

WhatsApp aimed to clear the air about its updated privacy policy after reports of mandatory data sharing with Facebook drove users to Signal and Telegram in troves.

The release of a CIA archive on UFOs is exactly the kind of headline-making event that phishing and scam actors long for.

A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.

A researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google.

Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.

Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces.

Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats that will plague enterprises in 2021.

An examination of the malware gang's payments reveals insights into its economic operations.

Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds.

The agency said the malware has already compromised more than 150 organizations and provided insight into its ransomware-as-a-service behavior.

Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.

Anne Neuberger will join the National Security Council, according to sources.

In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.