Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Read more »

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. Read more »

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack. Read more »

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. Read more »

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Read more »

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Read more »

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks. Read more »

Microsoft’s May Patch Tuesday update is triggering authentication errors. Read more »

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers. Read more »