Zeljka Zorz
PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by …
EU launches bug bounty programs for five open source solutions
The European Union is, once again, calling on bug hunters to delve into specific open source software and report bugs. This time around, the list of software that should be …
Google Drive starts warning users about suspicious files
Google has announced on Thursday that it has started warning users when they open potentially suspicious or dangerous files hosted on Google Drive. “We will display a …
New SolarWinds Serv-U vulnerability targeted in Log4j-related attacks
Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take advantage of a previously undisclosed vulnerability in the SolarWinds Serv-U …
Phishers go after business email credentials by impersonating U.S. DOL
Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor (DOL), Inky‘s researchers have …
VirusTotal Hacking: Finding stolen credentials hosted on VirusTotal
VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach …
Phishers’ favorite brands in Q4 2021
International courier and package delivery company DHL heads the list of most imitated brands by phishers and malware peddlers in Q4 2021, according to Check Point Research. …
Ukraine: Wiper malware masquerading as ransomware hits government organizations
In the wake of last week’s attention-grabbing defacements of many Ukrainian government websites, Microsoft researchers have revealed evidence of a malware operation …
Phishers are targeting Office 365 users by exploiting Adobe Cloud
Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection …
A new multi-platform backdoor is leveraged by an advanced threat actor
A novel multi-platform backdoor dubbed SysJoker has been successfully evading security solutions since mid-2021. “In the Linux and macOS versions, it masquerades as a …
Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)
The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server …
Detect and identify IoT malware by analyzing electromagnetic signals
Electromagnetic (EM) emanations can be recorded and used to detect and identify malware running on IoT devices, a group of researchers working at IRISA have proven. The setup …
Featured news
Resources
Don't miss
- Shadow AI risk: Navigating the growing threat of ungoverned AI adoption
- CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)
- Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480)
- To get funding, CISOs are mastering the language of money
- CISOs are cracking under pressure