A WordPress plugin WPBakery Authenticated Stored Cross-Site Scripting (XSS) vulnerability has exposed over 4M sites.
Microsoft has worked with telecommunications providers worldwide to take down TrickBot malware infrastructure. TrickBot traces its roots back to 2016 as a modular banking trojan designed to steal information and distribute other malware to infected systems.
Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer "Zerologon" to target government networks, critical infrastructure, and elections organizations.
QNAP Systems has patched two access control vulnerabilities that affect QTS Helpdesk software.
Cisco has patched high risk Webex Teams, video surveillance camera and Identity Services Engine (ISE) vulnerabilities.
Google has released Chrome 86.0.4240.75 security update for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.
A new IoT botnet dubbed Ttint now targets two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT) based on Mirai botnet source code.
Security experts warned of a new malware variant dubbed SlothfulMedia has been used by a "sophisticated cyber actor."
Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.
Universal Health Services (UHS) hospitals was allegedly hit by a Ryuk ransomware cyberattack early Sunday morning, some sources say.