How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000
For 2nd time in 4 years, Amazon loses control of its IP space in BGP hijacking.
Breach of software maker used to backdoor as many as 200,000 servers
Hack of FishPig distribution server used to install Rekoobe on customer systems.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us
Turns out they're not all that rare. We just don't know how to find them.
Google Play hides app permissions in favor of developer-written descriptions
Let's hope nobody lies about what permissions their app uses.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.
Researchers devise iPhone malware that runs even when device is turned off
Research is largely theoretical but exposes an overlooked security issue.
Zyxel silently patches command-injection vulnerability with 9.8 severity rating
Flaw makes it possible to install web shell to maintain control of affected devices.
Researcher uses 379-year-old algorithm to crack crypto keys found in the wild
It takes only a second to crack the handful of weak keys. Are there more out there?
Russia’s Sandworm hackers attempted a third blackout in Ukraine
The attack was the first in five years to use Sandworm's Industroyer malware.
Explaining Spring4Shell: The Internet security disaster that wasn’t
Vulnerability in the Spring Java Framework is important, but it's no Log4Shell.
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA
Not all MFA is created equal, as script kiddies and elite hackers have shown recently.
Behold, a password phishing site that can trick even savvy users
Just when you thought you'd seen every phishing trick out there, BitB comes along.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
New method that amplifies DDoSes by 4 billion-fold. What could go wrong?
New method also stretches out DDoS durations to 14 hours.
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.
VMware Horizon servers are under active exploit by Iranian state hackers
Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.
Flood of malicious junk traffic makes Ukrainian websites unreachable | Ars Technica
DDoS temporarily take out sites as Ukraine stares down Russian soldiers at its border.
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us
Turns out they're not all that rare. We just don't know how to find them.
Google Play hides app permissions in favor of developer-written descriptions
Let's hope nobody lies about what permissions their app uses.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
Hertzbleed attack targets power-conservation feature found on virtually all modern CPUs.
Researchers devise iPhone malware that runs even when device is turned off
Research is largely theoretical but exposes an overlooked security issue.
Zyxel silently patches command-injection vulnerability with 9.8 severity rating
Flaw makes it possible to install web shell to maintain control of affected devices.
Researcher uses 379-year-old algorithm to crack crypto keys found in the wild
It takes only a second to crack the handful of weak keys. Are there more out there?
Russia’s Sandworm hackers attempted a third blackout in Ukraine
The attack was the first in five years to use Sandworm's Industroyer malware.
Explaining Spring4Shell: The Internet security disaster that wasn’t
Vulnerability in the Spring Java Framework is important, but it's no Log4Shell.