Cybersecurity News

Forescout researchers discovered two new vulnerabilities in Schneider Electric’s Modicon programmable logic controllers (PLCs), which could allow for authentication bypass and remote code execution. The flaws, identified as CVE-2022-45788 (CVSS...

According to Blackberry researchers, a new phishing campaign dubbed “NewsPenguin” has been targeting Pakistan’s military-industrial complex for months, using an advanced malware tool to steal sensitive information. The campaign, which...

Microsoft has announced that its support diagnostic tool, MSDT, will be phased out by 2025. The Windows Diagnostic Data Viewer (DDV) application will replace the tool, which is used by...

A game mode in Dota 2 exploited a high-severity vulnerability, allowing attackers to remotely execute code on the targeted system. The flaw was discovered in September 2022, but it went...

Proofpoint Threat Research researchers have discovered a new phishing campaign that employs screenshots to deliver malware payload to unsuspecting victims. The attacker sends an email with a screenshot attached that,...

Researchers have discovered a new type of obfuscated malware that is specifically designed to steal sensitive data from victims’ computers. Malware is distributed through phishing emails that appear to be...

Abnormal Security discovered a new business email attack threat actor known as “Firebrick Ostrich” performing Business email compromise (BEC) on a near-industrial scale. It also employs a stealth strategy to...

Censys, a security firm, has warned that up to 29,000 network storage devices manufactured by Taiwan-based QNAP are vulnerable to easily executed SQL injection attacks, granting complete control to unauthenticated...

A Lazarus Group cyberattack is targeting the medical research and energy industries, and their supply chain partners, through exploiting known vulnerabilities found in unpatched Zimbra devices, according to WithSecure research....

Atlassian has addressed a serious security vulnerability in its Jira Service Management Server and Data Center that could have allowed an attacker to impersonate another user and gain unauthorized access....

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) have warned of a new ransomware attack named ESXiArgs that is targeting VMware ESXi servers which have not been...