Zeljka Zorz
Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515)
A vulnerability (CVE-2021-44515) in ManageEngine Desktop Central is being leveraged in attacks in the wild to gain access to server running the vulnerable software. About …
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
300.000+ users downloaded malware droppers from Google Play
Since August 2021, malware peddlers have managed to spread four families of Android banking trojans via malware droppers introduced in Google Play. They did it by employing a …
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …
Small businesses urged to protect their customers from card skimming
With Black Friday and Cyber Monday quickly approaching, the UK National Cyber Security Centre (NCSC) is urging small online shops to protect their customers from card skimming …
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed
GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. What …
How to find hidden spy cameras with a smartphone
Researchers from the National University of Singapore and Yonsei University in South Korea have devised a mobile application that uses smartphones’ time-of-flight (ToF) …
Malicious Python packages employ advanced detection evasion techniques
JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …
What’s stopping consumers from acting on a data breach notice?
Only three percent of consumers implemented a credit freeze after receiving a data breach notice, 11 percent enrolled in credit/data monitoring, and only 22 percent changed …
Researchers shed light on hidden root CAs
How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. …
GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts
GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …
Emotet stages a comeback via Trickbot and spam
Emotet is back – a number of researchers have confirmed. About Emotet Emotet is a modular banking trojan that also functions as a downloader of other trojans and …
Featured news
Resources
Don't miss
- When every day is threat assessment day
- Autonomous AI could challenge how we define criminal behavior
- ProxyBridge: Open-source proxy routing for Windows applications
- Shadow AI risk: Navigating the growing threat of ungoverned AI adoption
- CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)