ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. […]
ConnectWise patches new flaw allowing ScreenConnect hijacking Read More »
CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). […]
CISA orders feds to patch Zimbra XSS flaw exploited in attacks Read More »
Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. […]
Aura confirms data breach exposing 900,000 marketing contacts Read More »
Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. […]
Marquis: Ransomware gang stole data of 672K people in cyberattack Read More »
The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. […]
Ransomware gang exploits Cisco flaw in zero-day attacks since January Read More »
A new exploit kit for iOS devices and delivery framework dubbed “Darksword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. […]
New DarkSword iOS exploit used in infostealer attack on iPhones Read More »
Refund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model. […]
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms Read More »
Customers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick’s Day promotion. […]
Nordstrom’s email system abused to send crypto scams to customers Read More »
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader Read More »
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter’s sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE Read More »