Category: News

Log4JShell Used to Swarm VMware Servers with Miners, Backdoors

Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.

Exchange Servers Speared in IcedID Phishing Campaign

The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.

Okta Says It Goofed in Handling the Lapsus$ Attack

“We made a mistake,” Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers.

Critical Sophos Security Bug Allows RCE on Firewalls

The security vendor’s appliance suffers from an authentication-bypass issue.

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector

The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.

UK Cops Collar 7 Suspected Lapsus$ Gang Members

London Police can’t say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.

Microsoft Azure Developers Awash in PII-Stealing npm Packages

A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.

Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug

A patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’

HubSpot Data Breach Ripples Through Crytocurrency Industry

~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.