Explaining Spring4Shell: The Internet security disaster that wasn’t
Vulnerability in the Spring Java Framework is important, but it's no Log4Shell.
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA
Not all MFA is created equal, as script kiddies and elite hackers have shown recently.
Behold, a password phishing site that can trick even savvy users
Just when you thought you'd seen every phishing trick out there, BitB comes along.
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
When code with millions of downloads nukes user files, bad things can happen.
New method that amplifies DDoSes by 4 billion-fold. What could go wrong?
New method also stretches out DDoS durations to 14 hours.
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Chipmaker has until Friday to comply or see its crown-jewel source code released.
VMware Horizon servers are under active exploit by Iranian state hackers
Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.
Flood of malicious junk traffic makes Ukrainian websites unreachable | Ars Technica
DDoS temporarily take out sites as Ukraine stares down Russian soldiers at its border.
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica
Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."