The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw are “ineffective,” and patched appliances are...
Ransomware threat actors are spending less time on compromised networks before security solutions sound the alarm. In the first half of the year the hackers’ median dwell...
Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without...
The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho’s ManageEngine ServiceDesk to compromise an internet backbone infrastructure...
The nation’s cyber defense agency is scaling up a key program that gives federal agencies a chance to remediate vulnerabilities before they can be exploited. The...
A London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile companies, stole data from them, and demanded a...
Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts. Openfire...
We’re down to the final weeks of registration for mWISE, the highly targeted, community-focused cybersecurity conference from Mandiant, now part of Google Cloud. It takes place...
Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code remotely as root on vulnerable systems....
Cybercriminals behind the Smoke Loader botnet are using a new piece of malware called Whiffy Recon to triangulate the location of infected devices through WiFi scanning...