security vulnerabilites

Cybercriminals are now delivering stealthy malware onto Macs using pirated versions of the video editing software Final Cut Pro. This is a concerning trend because it demonstrates how cybercriminals are...

Threat actors are actively exploiting two zero-day vulnerabilities in Windows and iOS, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The first flaw, CVE-2022-28244, affects Windows 10 and...

A game mode in Dota 2 exploited a high-severity vulnerability, allowing attackers to remotely execute code on the targeted system. The flaw was discovered in September 2022, but it went...

Censys, a security firm, has warned that up to 29,000 network storage devices manufactured by Taiwan-based QNAP are vulnerable to easily executed SQL injection attacks, granting complete control to unauthenticated...

A Lazarus Group cyberattack is targeting the medical research and energy industries, and their supply chain partners, through exploiting known vulnerabilities found in unpatched Zimbra devices, according to WithSecure research....

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) have warned of a new ransomware attack named ESXiArgs that is targeting VMware ESXi servers which have not been...

Threat actors are targeting Bitwarden through Google ads phishing campaigns in order to steal users’ password vault credentials. A spoof version of Bitwarden was expertly created to look exactly like...

Chinese hackers were discovered using a recently discovered flaw in Fortinet’s FortiOS software as a zero-day vulnerability to distribute malware. CVE-2022-42475 (CVSS score of 9.8) is a buffer overflow vulnerability...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in unpatched versions of the Control Web Panel, a popular free, closed-source web-hosting interface. The vulnerability allows remote code execution without...

Deep Instinct researchers reported that RATs like StrRAT and Ratty were used in a 2022 campaign via polyglot and JAR files. Both threats appear to report back to the same...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with Amazon Web Services to notify customers who have AWS tokens that may have been impacted by the Jan. 4 security...