Zeljka Zorz
Meteoric attack deploys Quantum ransomware in mere hours
A group wielding the Quantum Locker ransomware is hitting targets in a blitzkrieg-like manner, going from intial compromise to domain-wide deployment and execution in under …
Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)
Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy …
APT group has developed custom-made tools for targeting ICS/SCADA devices
Just a few days after news of attempted use of a new variant of the Industroyer malware comes a warning from the US Cybersecurity and Infrastructure Security Agency (CISA): …
Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. …
Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)
On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and …
Sandworm hackers tried (and failed) to disrupt Ukraine’s power grid
The Computer Emergency Response Team of Ukraine (CERT-UA), with the help of ESET and Microsoft security experts, has thwarted a cyber attack by the Sandworm hackers, who tried …
Windows Autopatch: Managed enterprise patching for Windows and Office
While IT administrators are mentally preparing themselves for yet another Patch Tuesday, Microsoft has announced Windows Autopatch: a new service that aims make the second …
More organizations are paying the ransom. Why?
Most organizations (71%) have been hit by ransomware in 2021, and most of those (63%) opted for paying the requested ransom, the 2022 Cyberthreat Defense Report (CDR) by the …
The Cyclops Blink botnet has been disrupted
The US Justice Department has announced that the FBI has disrupted the Cyclops Blink botnet, which they say was under the control of the Sandworm group – a threat actor …
Microsoft asks bug hunters to probe on-premises Exchange, SharePoint servers
Bug hunters that discover and report high-impact security vulnerabilities in on-premises Exchange, SharePoint and Skype for Business may earn as much as $26,000 per eligible …
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
Log4Shell exploitation: Which applications may be targeted next?
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …
Featured news
Resources
Don't miss
- Google fixes actively exploited Chrome zero-day vulnerability (CVE-2025-10585)
- LinkedIn now uses your data for AI by default, opt out now!
- Behind the scenes of cURL with its founder: Releases, updates, and security
- Product showcase: Exaforce – The full lifecycle AI SOC platform
- AI made crypto scams far more dangerous