Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products. Tracked as...
Popular DevOps platform CircleCI has blamed an attack that successfully planted malware on an internal engineer’s laptop for a recent security breach. The attack, acknowledged on January 4, prompted...
The Liquor Control Board of Ontario (LCBO), a Canadian government enterprise and the country’s largest beverage alcohol retailer, revealed that unknown attackers had breached its website...
Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that their 2FA-backed SSO session cookie, allowing access to the company’s internal systems. Earlier...
France’s data protection authority (CNIL) has fined TikTok UK and TikTok Ireland €5,000,000 for making it difficult for users of the platform to refuse cookies and...
Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online,...
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver)...
Australia’s Fire Rescue Victoria has disclosed a data breach caused by a December cyberattack that is now claimed by the Vice Society ransomware gang. Fire Rescue...
Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware attacks....
Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly known as CentOS Web Panel. The...