Please turn on your JavaScript for this page to function normally.
industry
APT group has developed custom-made tools for targeting ICS/SCADA devices

Just a few days after news of attempted use of a new variant of the Industroyer malware comes a warning from the US Cybersecurity and Infrastructure Security Agency (CISA): …

VMware
Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)

Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. …

Patch Tuesday
Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)

On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and …

Ukraine
Sandworm hackers tried (and failed) to disrupt Ukraine’s power grid

The Computer Emergency Response Team of Ukraine (CERT-UA), with the help of ESET and Microsoft security experts, has thwarted a cyber attack by the Sandworm hackers, who tried …

fix
Windows Autopatch: Managed enterprise patching for Windows and Office

While IT administrators are mentally preparing themselves for yet another Patch Tuesday, Microsoft has announced Windows Autopatch: a new service that aims make the second …

money
More organizations are paying the ransom. Why?

Most organizations (71%) have been hit by ransomware in 2021, and most of those (63%) opted for paying the requested ransom, the 2022 Cyberthreat Defense Report (CDR) by the …

Network
The Cyclops Blink botnet has been disrupted

The US Justice Department has announced that the FBI has disrupted the Cyclops Blink botnet, which they say was under the control of the Sandworm group – a threat actor …

bug bounties
Microsoft asks bug hunters to probe on-premises Exchange, SharePoint servers

Bug hunters that discover and report high-impact security vulnerabilities in on-premises Exchange, SharePoint and Skype for Business may earn as much as $26,000 per eligible …

Spring
CISA adds Spring4Shell to list of exploited vulnerabilities

It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …

Log4j
Log4Shell exploitation: Which applications may be targeted next?

Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …

Spring
Spring4Shell: No need to panic, but mitigations are advised

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …

malware
Mars Stealer malware pushed via Google Ads and phishing emails

Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particulat tactic: disguising it as legitimate, benign software to trick …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released whent there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools