3 hours 19 minutes ago
Need a blueprint for architecting a formidable cyber-defense? Kerry Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.
4 hours 5 minutes ago
Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.
5 hours 49 minutes ago
The 12-year-old flaw in the sudo-like Polkit’s pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days.
9 hours 40 minutes ago
Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.
1 day 2 hours ago
Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country's only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.
1 day 2 hours ago
A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.
1 day 3 hours ago
Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned.
1 day 4 hours ago
A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy.
1 day 7 hours ago
A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.
1 day 9 hours ago
Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques.
2 days ago
The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
2 days 1 hour ago
State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
2 days 2 hours ago
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
2 days 3 hours ago
The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
2 days 13 hours ago
The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.
5 days 2 hours ago
What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
David “moose” Wolpoff
5 days 3 hours ago
Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant's 2017 cyberattack.
5 days 5 hours ago
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
5 days 6 hours ago
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
5 days 9 hours ago
The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
2 hours 40 minutes ago
The First Stop For Security News
Subscribe to Threatpost feed