Zeljka Zorz

Tech support scammers impersonate Google via malicious search ads
Google Search ads that target users looking for Google’s own services lead them to spoofed sites and Microsoft and Apple tech support scams. The fake Google Search ads …

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom
Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim …

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While …

Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly …

Scammers dupe chemical company into wiring $60 million
Orion S.A., a global chemical company with headquarters in Luxembourg, has become a victim of fraud: it lost approximately $60 million through “multiple fraudulently …

Australian gold mining company hit with ransomware
Australian gold mining firm Evolution Mining has announced on Monday that it became aware on 8 August 2024 of a ransomware attack impacting its IT systems, and has been …

Chrome, Edge users beset by malicious extensions that can’t be easily removed
A widespread campaign featuring a malicious installer that saddles users with difficult-to-remove malicious Chrome and Edge browser extensions has been spotted by researchers. …

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability …

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the …

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox
A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on …

Microsoft 365 anti-phishing alert “erased” with one simple trick
Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited (and thus potential phishing) emails “disappear”. …

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days
A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A …
Featured news
Resources
Don't miss
- Hackers love LOTL, this approach shuts them down
- A2AS framework targets prompt injection and agentic AI security risks
- How to stop a single vendor breach from taking down your business
- CISA says it will fill the gap as federal funding for MS-ISAC dries up
- Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI