Trends

NOTE: While the researchers at Sysdig refer to this Spring Cloud bug as “Spring4Shell,” it should be noted that there is some confusion as to Read More

A spearphishing campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest in numerous Read More

The Lapsus$ data extortionists are back from a week-long “vacation,” they announced on Telegram, posting ~70GB worth of data purportedly stolen from software development giant Read More

The ever-evolving banking trojan IcedID is back again with a phishing campaign that uses previously compromised Microsoft Exchange servers to send emails that appear to Read More

What researchers are calling a “horde” of miner bots and backdoors are using the Log4Shell bug to take over vulnerable VMware Horizon servers, with threat Read More

On Friday, Okta – the authentication firm-cum-Lapsus$-victim – admitted that it “made a mistake” in handling the recently revealed Lapsus$ attack. The mistake: trusting that Read More

North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, Read More

The U.S. Department of Justice (DOJ) has indicted four Russian government employees in connection to plots to cyber-fry critical infrastructure in the United States and Read More

City of London Police have arrested seven people suspected of being connected to the Lapsus$ gang. The bust came within hours of Bloomberg having published Read More

The latest installment of the Dark Souls gaming franchise, Elden Ring, contains a security vulnerability that allows bad actors to throw players on PCs into Read More