Vulnerabilities/Threats

A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app.

For the moment, victims can decrypt data without paying a ransom. But Clop is a ransomware variant that has caused havoc on Windows systems, so that's bound to change.

The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story.

A tax variable in the software implementing the Dingo Token allows the creators to charge 99% in fees per transaction, essentially stealing funds, an analysis finds.

Cryptocurrency drainers are the latest hot ticket being used in a string of lucrative cyberattacks aimed at virtual currency investors.

The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign.

Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies.

It's time to share threat intelligence and prioritize digital literacy and cyber hygiene to stem the rising money laundering tide.

The January attack was in retaliation for the satirical French magazine's decision to launch a cartoon contest to lampoon Iran's Supreme Leader.

The Russia-linked LockBit ransomware group claims to be behind the attack that fouled automated transactions for dozens of clients of financial technology firm ION Group.

The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.

QNAP NAS devices are vulnerable to CVE-2022-27596, which allows unauthenticated, remote SQL code injection.

Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.

An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.

The average organization does business with 11 third parties, and 98% of organizations do business with a third party who has suffered a breach, an analysis finds.