The US Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities (KEVs), based on evidence of active exploitation. One of themRead More →
Threat actors could exploit a critical zero-day vulnerability in Windows Search to run remotely hosted malware just by automatically opening a search window with a Word document. According to theRead More →
Researchers at security firm Fortinet report detecting a fraudulent campaign based on the delivery of three pieces of fileless malware with enhanced confidential information-stealing capabilities. The malware is delivered throughRead More →
After a researcher detected a specially crafted Word file to run arbitrary PowerShell on Windows systems, Microsoft confirmed that its operating system is affected by a zero-day vulnerability tracked asRead More →
Cybersecurity specialists published a report detailing the finding of what they describe as a “design flaw” in the Fast Identity Online (FIDO) passwordless authentication system. The report, titled “Provable SecurityRead More →
Microsoft published a report detailing its researchers’ findings on payment card stealing malware, mentioning that threat actors increasingly use malicious PHP scripts to manipulate payment systems and bypass online securityRead More →
Cybersecurity specialists reported the detection of a new cyberattack method that would allow threat actors to deliver phishing emails inadvertently for security mechanisms, exploiting a key difference in the wayRead More →
Cybersecurity specialists reported the detection of a new post-exploitation framework that would allow the compromise of Microsoft Exchange servers. Identified as IceApple, this framework was developed by threat actors capableRead More →
Microsoft announced the release of several security updates to address a severe vulnerability in the Azure Synapse and Azure Data Factory pipelines whose exploitation would allow threat actors to executeRead More →