US FTC charged cyber security firm Avast with harvesting consumer web browsing data through its browser extension and antivirus and sold it. The US Federal Trade Commission (FTC) has... Read more »

Security researcher Salvatore Lombardo shared details about a new instance of Nigerian fraud that he called ‘Beyond the border scam.’ The 419 scam is a form of scam that requires... Read more »

Joomla maintainers have addressed multiple vulnerabilities in the popular content management system (CMS) that can lead to execute arbitrary code. The maintainers of the Joomla! Project released Joomla 5.0.3... Read more »

China-linked APT group Mustang Panda targeted various Asian countries with a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. Trend Micro researchers uncovered a cyberespionage campaign, carried out... Read more »

U.S. government offers rewards of up to $15 million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. The U.S. Department... Read more »

A new malware campaign targets Redis servers to deploy the mining crypto miner Migo on compromised Linux hosts. Caro Security researchers have observed a new malware campaign targeting Redis... Read more »

VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is urging users to uninstall the deprecated Enhanced Authentication... Read more »

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The vulnerability CVE-2024-21410 is a bypass vulnerability that can be exploited by an attacker to... Read more »

ConnectWise addressed two critical vulnerabilities in its ScreenConnect remote desktop access product and urges customers to install the patches asap. ConnectWise warns of the following two critical vulnerabilities in... Read more »