Capoae malware brute-forces WordPress sites for cryptomining A recently discovered wave of malware attacks has been spotted using tactics that involve easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. The PHP malware…

Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill Shortly after Congress took action on a $1 trillion infrastructure bill, hackers posing as U.S. Transportation Department officials offered fake project bid opportunities to seduce companies…

Apple issues urgent updates to fix new zero-day linked to Pegasus spyware Apple released emergency security updates Monday after it was discovered that an Israeli cyber surveillance company’s spyware could infect iPhones and other devices without the owner even clicking…

Ransomware gang threatens to leak data if victim contacts FBI, police In an announcement published on Ragnar Locker’s darknet leak site this week, the group is threatening to publish full data of victims who seek the help of law enforcement…

Cyber Command urges patching of massively exploited Confluence bug US Cyber Command issued a rare alert on Friday urging US organizations to patch the massively exploited Atlassian Confluence critical vulnerability immediately, stating, “Please patch immediately if you haven’t already— this…

QNAP announces OpenSSL bugs fallout On Monday, QNAP put out two security advisories about OpenSSL remote-code execution and denial-of-service (DoS) bugs, fixed last week, that affect its network-attached storage (NAS) devices. The vulnerabilities are tracked as CVE-2021-3711 – a high-severity…

“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure [Extended story] Cloud security vendor Wiz announced that it had found a vulnerability in Microsoft Azure’s managed database service, Cosmos DB, which granted read/write access for every database on the…