Threats

Symantec, GTSC Warn of Active Microsoft Exploits

Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at lea...

Unpatched Python Library Affects More Than 300,000 Open Source Projects

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The researchers believe it could be used again...

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a ne...

Threat Group TeamTNT Returns with New Cloud Attacks

A retired threat actor has returned with new attacks aimed at the cloud, containers - and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to thos...

New Linux Malware Shikitega Can Take Full Control of Devices

AT&T Alien Labs has discovered a new Linux malware that can be used for highly evasive attacks, as the infection has been designed for persistence and runs on practically all kinds of Linux devic...

New GIFShell Attack Targets Microsoft Teams

A cybersecurity consultant has discovered a new attack chain that leverages GIF images in Microsoft Teams to execute arbitrary commands on the target’s machine. The exploit uncovered by Bobby Rauc...

CVSS Vulnerability Scores Can Be Misleading: Security Researchers

Vulnerability management systems based on the Common Vulnerability Scoring System (CVSS) v2 scoring system may be misguided, as a new report found that roughly half of the most critical vulnerabiliti...

Top Network Detection & Response (NDR) Solutions

In the race to offer comprehensive cybersecurity solutions, the product known as network detection and response (NDR) is a standalone solution as well as a central component of XDR. Whereas ol...

GitLab Patches Critical RCE in Community and Enterprise Editions

The widely-used DevOps platform GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE).  The vulnerability was reported for a number of versi...

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

Cyber attackers continue to up their game. One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). The new attac...

Latest articles