The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update.
The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also “hack every website you’ve ever visited.”
Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam.
The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.
The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.
QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics’ network has been crippled.
MacOS malware Shlayer and Bundlore may have variations, but the behavior of their attacks have not changed – attacking older macOS versions and poorly-protected websites.
The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.
The malware had already put millions of routers and IoT devices at risk, and now any noob can have at it.
Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.