UEFI vulnerability for Intel processors opens the doors for a bootkit
Researchers have disclosed details of a vulnerability in Phoenix Technologies' firmware for Intel processors.
2 minutes
Pieter Arntz
Microsoft 365 users targeted in 2FA-busting phishing campaigns
Researchers have uncovered a Phishing-as-a-Service platform that enables criminals to bypass some forms of 2FA.
2 minutes
Patch now! VMWare releases fix for critical vulnerabilities
Broadcom notified VMWare users about an update for VMware vCenter Server which addresses three critical vulnerabilities.
2 minutes
Compromised F5 BIG-IP appliances abused in three-year infiltration
A state-sponsored attacker used compromised F5 load balancers to gain persistence on a target's network.
2 minutes
Why are browser vulnerabilities going unpatched?
Last week, the top five unpatched vulnerabilities were all browser-based, some from 2023.
3 minutes
Black Basta ransomware exploits Windows Error Reporting Service vulnerability
Researchers have found an exploit tool using an elevation of privilege vulnerability to drop Black Basta ransomware.
2 minutes
20,000 Fortinet VPN appliances compromised, investigation reveals
An investigation by Dutch government agencies has revealed that over 20,000 FortiGate security appliances were compromised by cyber-spies.
2 minutes
Patch now! Critical RCE vulnerability in Microsoft Message Queuing
Patch Tuesday revealed a serious bug that could be remotely exploitable on up to a million internet-connected Windows machines.
2 minutes
Snowflake “breach” looks like 165 individual incidents
After an investigation, Snowflake has concluded that recent data leaks were not caused by a vulnerability or breach of its…
2 minutes
Update now! June’s Patch Tuesday—one zero-day, but it’s a doozy
Microsoft’s Patch Tuesday for May 2024 looks relaxed, but there are some fixes that need your attention.
3 minutes
Teams of AI agents can exploit zero-day vulnerabilities
New research shows that teams of AI agents working together are much better at vulnerability research and exploitation than individual…
2 minutes
Ransomware drives healthcare provider into administration
Australian e-prescription provider MediSecure has entered voluntary administration following a cyberattack.
1 minute
Microsoft calls time on NTLM, so should you
The NTLM authentication protocol will no longer be developed by Microsoft, so administrators should switch as soon as possible.
2 minutes
Azure Service Tags vulnerability could allow attackers to access private data
Researchers have found that relying on Azure Service Tags to restrict access to systems is not a secure solution. Microsoft…
2 minutes
Okta suffers more credential stuffing attacks
Okta has issued a warning about credential stuffing attacks on its cross-origin authentication feature.
2 minutes
Operation Endgame—the largest ever battering for botnets
Europol has published the results of Operation Endgame, a campaign aimed at the infrastructure spreading IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee,…
2 minutes
North Korean threat actor behind new ransomware
A relatively new group of North Korean cybercriminals has been found deploying FakePenny ransomware.
2 minutes
140 Ascension facilities still reeling from ransomware attack
140 Ascension healthcare units have been disrupted by the Black Basta ransomware group.
1 minute
Patch now! Critical vulnerability in Veeam’s Backup Enterprise Manager
Veeam has issued an advisory about several vulnerabilities in its Backup Enterprise Manager (VBEM).
1 minute
