Hackers target new MOVEit Transfer critical auth bypass bug
Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it.…
Category: Bleeping Computer
Windows 10 KB5039299 update released with 10 changes or fixes
The June 2024 optional update for Windows 10 is now available. Today’s update brings KB5039299 for Windows 10 version 22H2 with up to ten bug fixes or…
Snowblind malware abuses Android security feature to bypass security
A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps…
Plugins on WordPress.org backdoored in supply chain attack
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative…
Polyfill.io JavaScript supply chain attack impacts over 100K sites
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified…
New Medusa malware variants target Android users in seven countries
The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States,…
Neiman Marcus confirms data breach after Snowflake account hack
Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company’s database stolen in recent Snowflake data theft attacks.…
FBI warns of fake law firms targeting crypto scam victims
The FBI is warning of cybercriminals posing as law firms and lawyers that offer cryptocurrency recovery services to victims of investment scams and steal funds…
P2PInfect botnet targets REdis servers with new ransomware module
P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on…
Chemical facilities warned of possible data theft in CISA CSAT breach
CISA is warning that its Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially…
Chrome for Android tests feature that securely verifies your ID with sites
Google is testing a new feature called “Digital Credential API” for Chrome on Android that allows websites to securely request identity information, such as driver’s licenses…
New attack uses MSC files and Windows XSS flaw to breach networks
A novel command execution technique dubbed ‘GrimResource’ uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform code execution via…