#Vulnerabilities

Researchers have spotted a second, worldwide campaign exploiting the Zoho zero-day: one that’s breached defense, energy and healthcare organizations.

CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.

Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.

Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.

A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.

The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.

NSO Group plans to fight the trade ban, saying it's "dismayed" and clinging to the mantra that its tools actually help to prevent terrorism and crime.

Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.

A fake Steam pop-up prompts users to ‘link’ Discord account for free Nitro subs.

The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.