New Aqua Security research found secrets from organizations, including credentials, Application Programming Interface (API) tokens, and passkeys, that have been exposed for years.

Threat actors are exploiting a new critical authentication bypass flaw in Progress MOVEit Transfer, which is a Managed File Transfer (MFT) solution used to securely transfer files between business partners and customers.

Siemens recently patched several vulnerabilities in some of its Sicam products that could be exploited in attacks against the energy sector.

Promon research highlights a new malware strain called "Snowblind" targeting banking customers in Southeast Asia. The new malware disables Android banking apps' ability to detect malicious modifications, thus avoiding detection.

Levi's recently announced that tens of thousands of their customers may have had their accounts compromised after a credential stuffing attack.

According to security researchers at Defiant, malicious code injected over the past week in five WordPress plugins creates a new administrative account.

The National Institute of Standards and Technology (NIST) has launched a collaborative project to adapt its digital identity guidelines to support public benefits programs, such as those that help beneficiaries pay for food, housing, and more.

"P2PInfect" is a worm that uses the Redis in-memory database application to spread across networks in a peer-to-peer, worm-like way, building a botnet in the process.

Threat actors are using a new attack method involving specially crafted Management Saved Console (MSC) files to gain full code execution through Microsoft Management Console (MMC) and dodge security defenses.