Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to achieve advanced evasion.
“We made a mistake,” Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers.
The security vendor’s appliance suffers from an authentication-bypass issue.
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
London Police can’t say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.
A patch fixes an exploit hidden in Elden Ring that traps PC players in a ‘death loop.’
~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.