A new malware sold on dark web forums is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin. [...]

A malicious Firefox add-on named "Safepal Wallet" lived on the Mozilla add-ons site for seven months and scammed users by emptying out their wallets. Safepal is a cryptocurrency wallet application capable of securely storing a variety of crypto assets, including Bitcoin, Ethereum, and Litecoin. [...]

Microsoft announced that Basic Authentication will be turned off for all protocols in all tenants starting October 1st, 2022, to protect millions of Exchange Online users. [...]

Security researchers have found a flaw in the Microsoft Windows Platform Binary Table (WPBT) that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012. [...]

This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered parts of the website to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000. [...]

This week's biggest news is the USA sanctioning a crypto exchange used by ransomware gangs to convert cryptocurrency into fiat currency. By targeting rogue exchanges, the US government is hoping to disrupt ransomware's payment system. [...]

​California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft. [...]

Exploit code that could be used for remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 has been released today and attackers are already using it. [...]

Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild. [...]

Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol. [...]

The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public. [...]

Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher. [...]

Cisco has patched three critical vulnerabilities affecting components in its IOS XE internetworking operating system powering routers and wireless controllers, or products running with a specific configuration. [...]

SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices. [...]

A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. [...]

Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...]

Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software. [...]

Cybercriminals are slowly realizing that the REvil ransomware operators have been hijacking ransom negotiations, to cut affiliates out of payments. [...]

Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. [...]