Flagstar Bank MOVEit Breach Affects 800K Customer Records
Flagstar Bank, a prominent Michigan-based financial services provider, has warned 837,390 of its US customers about a data breach that...
Half of CISOs Now Report to CEO as Influence Grows
Nearly half (47%) of global CISOs now report to their CEO, and the vast majority (78%) are backed by a...
Air Europa Asks Customers to Cancel Cards After Breach
A leading Spanish airline has told some of its customers to cancel their payment cards after revealing their details were...
IZ1H9 Botnet Targets IoT Devices With New Exploits
FortiGuard Labs, the research arm of security firm Fortinet, has uncovered a significant evolution in the IZ1H9 Mirai-based DDoS campaign. Discovered...
Tech Giants Reveal Record-Breaking “Rapid Reset” DDoS Bug
Threat actors have been exploiting a zero-day vulnerability in the HTTP/2 protocol since August to launch the largest DDoS attacks...
October Patch Tuesday Addresses Three Zero-Days
Microsoft has fixed three zero-day vulnerabilities in its latest security update round this month, all of which are being actively...
Exploitation Accounts For 29% of Education Sector Attacks
The education sector has been confirmed as a prime target for threat actors, with 29% of attacks originating from vulnerability...
Curl Releases Fixes For High-Severity Vulnerability
In a recent security alert, the team behind the popular open-source tool curl has announced the release of fixes for...
US Government Issues Open-Source Security Guidance for Critical Infrastructure
The US government has issued guidance on securing open-source software (OSS) in operational technology (OT) critical infrastructure environments.The joint advisory,...
Cyber Professionals Alarmed by Growing Attacker Use of AI
IT security decision makers are concerned about the use of AI by cyber-criminals, particularly surrounding deepfakes, and many believe AI...
Google Adopts Passkeys as Default Sign-in Method for All Users
Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled...
Researchers Uncover Grayling APT’s Ongoing Attack Campaign Across Industries
A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the...
New Magecart Campaign Alters 404 Error Pages to Steal Shoppers’ Credit Cards
A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been...
HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks
Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks...
New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise
Certain online risks to children are on the rise, according to a recent report from Thorn, a technology nonprofit whose...
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two...
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector,...
U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its...
Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords
Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that...
Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a...
US-CERT Vulnerability Summary for the Week of October 2, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- agentLocal privilege escalation due to improper soft link handling. The...
Spoofy – Program That Checks If A List Of Domains Can Be Spoofed Based On SPF And DMARC Records
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records....
HackerOne Bug Bounty Disclosure: b-uaf-on-jsethereumprovider-b-nick-ve
Company Name: b'Brave Software' Company HackerOne URL: https://hackerone.com/brave Submitted By:b'nick0ve'Link to Submitters Profile:https://hackerone.com/b'nick0ve' Report Title:b'UAF on JSEthereumProvider'Report Link:https://hackerone.com/reports/1977252Date Submitted:11 October...
HackerOne Bug Bounty Disclosure: b-cve-cookie-injection-with-none-file-b-w-x
Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'w0x42'Link to Submitters Profile:https://hackerone.com/b'w0x42' Report Title:b'CVE-2023-38546: cookie injection with none file'Report Link:https://hackerone.com/reports/2148242Date...
