Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01... Read more »

Password manager LastPass warns of an active phishing campaign impersonating the service to steal users’ master passwords. LastPass warned users about an active phishing campaign that began around January... Read more »

VoidLink is a cloud-focused Linux malware, likely built by one person using AI, offering loaders, implants, rootkit evasion, and modular plugins. Check Point researchers uncovered VoidLink, a cloud-focused Linux... Read more »

Threat actors use PDFSIDER malware with social engineering and DLL sideloading to bypass AV/EDR, and ransomware gangs already abuse it. Resecurity has learned about PDFSIDER during an investigation of... Read more »

A Jordanian man pleaded guilty in the US to selling illegal access to 50 compromised enterprise networks after an undercover sting. A Jordanian national Feras Khalil Ahmad Albashiti (40),... Read more »

TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity... Read more »

Major Telegram-based illicit marketplace Tudou Guarantee appears to be shutting down its operations, according to Elliptic. Blockchain cybersecurity firm Elliptic reports that Tudou Guarantee, a major Telegram-based illicit marketplace... Read more »

The UK government warns Russia-linked hacktivists are still carrying out DDoS attacks on critical infrastructure and local government systems The UK government warns that Russia-linked hacktivists are continuing DDoS... Read more »

Ingram Micro says a ransomware attack exposed personal data of about 42,000 people, including names, birth dates, SSNs, and job-related details. Ingram Micro is a global technology distributor and... Read more »