The security vendor kept a critical vulnerability in its firewall appliances quiet even as it was…
Author: Dan Goodin, Ars Technica
A Sinister Way to Beat Multifactor Authentication Is on the Rise
Lapsus$ and the group behind the SolarWinds hack have utilized prompt bombing to defeat weaker MFA…
A Developer Altered Open Source Software to Wipe Files in Russia
The author of a popular application pushed out an update containing malicious code in an effort…
Hackers Find a New Way to Deliver Devastating DDoS Attacks
Cybercriminals are exploiting a fleet of more than 100,000 misconfigured servers to knock websites offline.
Millions of WordPress Sites Got a Forced Update for a Serious Bug
The mandatory patch addressed a critical vulnerability in a widely used plugin that allowed untrusted visitors…
US Agencies Say Russian Hackers Compromised Defense Contractors
Kremlin-backed cyber actors lurked in the networks for months, obtaining sensitive documents related to weapons and…
Hackers Rigged Hundreds of Ecommerce Sites to Steal Payment Info
The attackers exploited a known vulnerability and installed credit card skimmers on more than 500 websites.
An Insidious Mac Malware Is Growing More Sophisticated
When UpdateAgent emerged in late 2020, it utilized basic infiltration techniques. Its developers have since expanded…
A Bug in iOS 15 Is Leaking User Browsing Activity in Real Time
Apple has known about the vulnerability, which also affects iPadOS 15 and Safari 15, since late…
Microsoft Seizes Domains Used by a Chinese Hacking Group
The move delivers a blow to the hackers behind sophisticated attacks on government agencies, think tanks,…