Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability... Read more »

GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a... Read more »

A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. “The stealer is capable of stealing a variety of information from infected... Read more »

Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo... Read more »

The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster... Read more »

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads.... Read more »

The use of software as a service (SaaS) is experiencing rapid growth and shows no signs of slowing down. Its decentralized and easy-to-use nature is beneficial for increasing employee... Read more »

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could... Read more »

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a... Read more »