Please turn on your JavaScript for this page to function normally.
Progress MOVEit
MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)

The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: …

Progress MOVEit
MOVEit Transfer zero-day attacks: The latest info

There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – …

Barracuda
Attackers hacked Barracuda ESG appliances via zero-day since October 2022

Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of …

bad bots
Bad bots are coming for APIs

In 2022, 47.4% of all internet traffic came from bots, a 5.1% increase over the previous year, according to Imperva. The proportion of human traffic (52.6%) decreased to its …

Dragos
Dragos blocks ransomware attack, brushes aside extortion attempt

A ransomware group has tried and failed to extort money from Dragos, the industrial cybersecurity firm has confirmed on Wednesday, and reassured that none of its systems or …

Western Digital
Western Digital store offline due to March breach

The Western Digital online store is offline as a result of the “network security incident” it suffered in March 2023. Users have been notified On May 5, 2023, the …

ChatGPT
Fake ChatGPT desktop client steals Chrome login data

Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that’s capable of copying saved credentials from the Google Chrome login data …

hand
Rilide browser extension steals MFA codes

Cryptocurrency thieves are targeting users of Chromium-based browsers – Google Chrome, Microsoft Edge, Brave Browser, and Opera – with an extension that steals …

money
New York law firm gets fined $200k for failing to protect health data

A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 …

cloud
Google Cloud Platform allows data exfiltration without a (forensic) trace

Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s …

CircleCI
CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie

The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s …

Eyes
Fake subscription invoices lead to corporate data theft and extortion

A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. …

Don't miss

Cybersecurity news