Qualys' Threat Research Unit recently showed how a new Linux vulnerability could be chained with two other apparently harmless flaws to gain full root privileges on an affected system.  The researchers stated that the new vulnerability, tracked as…

Researchers have discovered a new wiper Trojan disguised as a ransomware payload in the wild. CryWiper, named after the distinctive '.cry' extension it appends to files, appears to be a new ransomware strain at first glance. The victims' devices appear…

Cyber extortion affects businesses of all sizes worldwide, with 82 percent of cases observed being small businesses, up from 78 percent last year. According to Orange Cyberdefense's latest Security Navigator report, there was a noticeable slowdown in…

Google appears to be reaping the benefits of its decision to use Rust for new code in Android in order to reduce memory-related flaws. Memory safety flaws in Android have been reduced by more than half, a significant achievement coinciding with Google's…

Group-IB found almost three dozen groups of Russian hackers using the stealer-as-a-service model to spread infostealer malware. An infostealer is a type of malware that collects browser credentials, payment card numbers, and cryptocurrency wallet…

A new Malware-as-a-Service (MaaS) operation called 'DuckLogs' is providing low-skilled attackers with easy access to multiple modules for data theft, keystroke logging, clipboard data access, and remote access to the compromised host. DuckLogs is…

A previously unknown Go-based malware is targeting Redis servers with the intent of taking control of infected systems and likely establishing a botnet network. According to cloud security firm Aqua, the attacks involve exploiting a critical security…

Security researchers at industrial cybersecurity firm Nozomi Networks have recently discovered three vulnerabilities in Mitsubishi Electric’s GX Works3 engineering workstation software that could be exploited to hack safety systems.  GX Works3 is…

Netwrix has released additional findings from its global 2022 Cloud Security Report for the financial and banking sectors. Financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure than other…

When an attacker submits changes to an open-source repository on GitHub, downstream software projects that include the most recent version of a component may compile updates containing malicious code. According to Legit Security, a software supply chain…

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of the continued threat posed by the Cuba ransomware variant, which has made its affiliates and developers $60m as of August.  CISA revealed in a new alert that the ransomware…

This week, NATO kicked off its Cyber Coalition 22 exercise to enhance cyber resilience among its members.  NATO brought together 1000 defenders from 26 member countries plus Finland and Sweden, Georgia, Ireland, Japan, Switzerland, and the EU, as…