Red Hat warns of backdoor in XZ tools used by most Linux distros
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils…
Category: Bleeping Computer
Google Podcasts service shuts down in the US next week
U.S. users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing…
Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
A vulnerability in the wall command of the util-linux package that is part of the Linux operating system could allow an unprivileged attacker to steal passwords or…
Retail chain Hot Topic hit by new credential stuffing attacks
American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers’ personal information and partial payment data. The Hot…
PyPI suspends new user registration to block malware campaign
The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. PyPI is…
Cisco warns of password-spraying attacks targeting VPN services
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco…
How Pentesting-as-a-Service can Reduce Overall Security Costs
If your job involves keeping applications or data secure, you know how important penetration testing can be in identifying potential weaknesses and vulnerabilities. But you…
New Darcula phishing service targets iPhone users via iMessage
A new phishing-as-a-service (PhaaS) named ‘Darcula’ uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries.…
Windows 11 22H2 Home and Pro get preview updates until June 26
Microsoft reminded customers today that the Windows 11 22H2 Home and Pro editions will continue to receive non-security preview updates until June 26. These optional…
INC Ransom threatens to leak 3TB of NHS Scotland stolen data
The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland. In a…
Google fixes Chrome zero-days exploited at Pwn2Own 2024
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. The first…
Spyware vendors behind 50% of zero-days exploited in 2023
Google’s Threat Analysis Group (TAG) and Google subsidiary Mandiant said they’ve observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in…