A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those fromΒ Palo Alto Networks, Ivanti, and SonicWall.
BleepingComputer
Massive brute force attack uses 2.8 million IPs to target VPN devices
A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range o...
Netgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as soon as possible.
BleepingComputer
Netgear warns users to patch critical WiFi router vulnerabilities
Netgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers...
Europol and German law enforcement confirmed the arrest of two suspects and the seizure of 17 servers in Operation Talent, which took down Cracked and Nulled, two of the largest hacking forums with over 10 million users.
BleepingComputer
Police seizes Cracked and Nulled hacking forum servers, arrests suspects
Europol and German law enforcement confirmed the arrest of two suspects and the seizure of 17 servers in Operation Talent, which took down Cracked ...
A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers.
BleepingComputer
New Apple CPU side-channel attacks steal data from browsers
A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information fro...
Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated.
BleepingComputer
Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs
Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate ty...
Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into executing PowerShell code that infects them with malware.
BleepingComputer
Telegram captcha tricks you into running malicious PowerShell scripts
Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into executing ...
South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company'sΒ VPN installer to deploy the custom 'SlowStepper' malware.
BleepingComputer
IPany VPN breached in supply-chain attack to push custom malware
South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company...
The Federal Trade Commission (FTC) has announced action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and sale of drivers' precise geolocation and driving behavior data without first obtaining their consent.
BleepingComputer
FTC orders GM to stop collecting and selling driver’s data
The Federal Trade Commission (FTC) has announced action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and sale of...
The FTC will require web hosting giant GoDaddy to implement basic security protections, such as multi-factor authentication and HTTPS APIs, to settle charges that it failed to secure its hosting services against attacks since 2018.
BleepingComputer
FTC orders GoDaddy to fix poor web hosting security practices
The Federal Trade Commission (FTC) will require web hosting giant GoDaddy to implement basic security protections, including HTTPS APIs and mandato...
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability.
BleepingComputer
UK domain registry Nominet confirms breach via Ivanti zero-day
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago...