A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that’s focused on Azure and Google Cloud Platform (GCP) services, marking the adversary’s expansion... Read more »

All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users’... Read more »

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. “A security vulnerability in Zimbra Collaboration Suite... Read more »

A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000... Read more »

As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob. “The botnet run by TeamTNT has set its... Read more »

Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent... Read more »

In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a “crafty”... Read more »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve... Read more »

An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft’s discovery of a new China-linked espionage campaign targeting two dozen... Read more »