CircleCi, a software company whose products are popular with developers and software engineers, confirmed that some customers’ data was stolen in a data breach last month.
Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available.
SQL injection is a website security flaw that allows attackers to input data into form fields or via URLs that modify legitimate database queries to return different data or modify a database.
A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild.
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild.
Researchers reported last month that Cuba ransomware operators were using the BURNTCIGAR loader utility to install a malicious driver signed using Microsoft's certificate. Now, Microsoft has revealed that the group is targeting vulnerable Exchange servers for a critical Server-Side Request Forgery (SSRF) vulnerability, aka OWASSRF, as well.
Infected VPN installers are being abused to spread EyeSpy as part of a malware campaign. The campaign started in May 2022 and is targeting 20Speed VPN users through trojanized installers.
Raspberry Robin, the cunning worm that emerged in September 2021, has been constantly evolving, adding new tricks to its arsenal. Recent findings have exposed that the botnet's attack infrastructure is highly adaptable, and can be hijacked by other cybercriminals, turning it into a super-threat.
The quality of protected communications matters – a lot. If the sent material is highly sensitive and the legislation and/or policy demands high security, opportunistic encryption might not be enough. For organizations, deciding what email encryption solution to use is often not so simple and, generally speaking, there is no single correct answer.
77% of IT decision makers across the United States and Canada believe their companies are likely to face a data breach within the next three years according to survey results released by Adastra.
