Help Net Security newsletters: Latest news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
xfinity
Citrix Bleed leveraged to steal data of 35+ million Comcast Xfinity customers

Telecommunications company Comcast has confirmed a breach that exposed personal information of more than 35.8 million of Xfinity customers. Exploiting Citrix Bleed to breach …

mr. Cooper
Mr. Cooper breach exposes sensitive info of over 14 million customers

Mortgage company Mr. Cooper has confirmed that personal information of over 14.6 million customers has been exposed in its October 2023 data breach. The breach “On …

printer
Microsoft is working on a more secure print system for Windows

After announcing a gradual elimination of third-party printer drivers on Windows earlier this year, Microsoft has now unveiled its plan for enhancing security by introducting …

Qakbot
Qakbot returns in fresh assault on hospitality sector

The Qakbot botnet has been disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft’s threat analysts have spotted a new phishing …

MongoDB
MongoDB corporate systems breached, customer data exposed

Database management company MongoDB has suffered a breach: attackers have gained access to some of its corporate systems and customer data and metadata. The MongoDB breach …

cyber threat
Russian hackers target unpatched JetBrains TeamCity servers

Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish …

Microsoft
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns

Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications …

Log4j
Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware

North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D …

passwords
Many popular websites still cling to password creation policies from 1985

A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. …

Meta
Meta introduces default end-to-end encryption for Messenger and Facebook

Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday. Rolling out E2EE for Messenger …

Atlassian
Atlassian fixes four critical RCE vulnerabilities, patch quickly!

Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could …

Adobe ColdFusion
CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the …

Don't miss

Cybersecurity news