Zeljka Zorz

Microsoft patches zero-day exploited by attackers (CVE-2023-28252)
It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About …

Apple rushes fixes for exploited zero-days in iPhones and Macs (CVE-2023-28205, CVE-2023-28206)
Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities (CVE-2023-28205, CVE-2023-28206) in macOS, iOS and iPadOS. Reported by …

Rilide browser extension steals MFA codes
Cryptocurrency thieves are targeting users of Chromium-based browsers – Google Chrome, Microsoft Edge, Brave Browser, and Opera – with an extension that steals …

Rorschach ransomware deployed by misusing a security tool
An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check …

Flood of malicious packages results in NPM registry DoS
Attackers are exploiting the good reputation and “openness” of the popular public JavaScript software registry NPM to deliver malware and scams, but are also …

Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359)
When Adobe released security updates for its ColdFusion application development platform last month, it noted that one of the vulnerabilities (CVE-2023-26360) had been …

3CX supply chain attack: What do we know?
Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software’s manufacturer is yet to confirm how the …

Western Digital network security incident and service outage
US-based data storage company Western Digital has announced that it has suffered a network security incident that resulted in an unauthorized third party gaining access to a …

Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)
Attackers are exploiting a critical vulnerability (CVE-2022-47986) in the IBM Aspera Faspex centralized file transfer solution to breach organizations. About CVE-2022-47986 …

3CX customers targeted via trojanized desktop app
Suspected state-sponsored threat actors have trojanized the official Windows desktop app of the widely used 3CX softphone solution, a number of cybersecurity companies began …

Microsoft unveils AI-powered Security Copilot analysis tool
Microsoft has unveiled Security Copilot, an AI-powered analysis tool that aims to simplify, augment and accelerate security operations (SecOps) professionals’ work. …

Exchange Online will soon start blocking emails from old, vulnerable on-prem servers
Slowly but surely, Microsoft aims to make it impossible for unsupported and/or unpatched on-prem Microsoft Exchange servers to use the company’s Exchange Online hosted …
Featured news
Resources
Don't miss
- Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)
- New Microsoft accounts will be “passwordless by default”
- Why SMEs can no longer afford to ignore cyber risk
- Preparing for the next wave of machine identity growth
- Hottest cybersecurity open-source tools of the month: April 2025