#Vulnerabilities

The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.

The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs--across its network of 150 million users, putting corporate workplaces at risk.

Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said.

A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.

If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.

Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.

Chicago-based Ferrara acknowledged an Oct. 9 attack that encrypted some systems and disrupted production.

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.

Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that's as potent as it is ancient.

The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.