Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to fix critical vulnerabilities in VMware products by Monday or remove the products from service. Multiple VMware products are affected by two new critical vulnerabilities that the company issued updates for yesterday. Recorded as CVE-2022-22972 and CVE-2022-22973, the bugs allow an authentication bypass…
The Apache Log4j Log4Shell bug is one of the most critical vulnerabilities in the history of cybersecurity. Hundreds of millions of devices use the Log4j component for various online services, among them government organizations, critical infrastructure, companies and individuals. Actually, pretty much all software uses this library written in Java, so it’s a very widespread…
The software supply chain is a critical element in the lifecycle of applications and websites. The interdependencies and components common in modern software development can increase the attack surface and sometimes allow hackers to bypass robust security layers you’ve added to your infrastructure. Indeed, only one flaw in the code base can be enough to…
Users of F5’s BIG-IP application services could be vulnerable to a critical flaw that allows an unauthenticated attacker on the BIG-IP system to run arbitrary system commands, create or delete files, or disable services. The vulnerability is recorded as CVE-2022-1388 with a 9.8 severity rating, just below the highest possible rating of 10. The U.S.…
Hackers have found a way to infect Windows Event Logs with fileless malware, security researchers report. Kaspersky researchers on May 4 revealed “a new stash for fileless malware.” During a “very targeted” campaign, hackers used Windows Event Logs to inject shellcode payloads and operate stealthily. This new approach is highly sophisticated yet could still…
Security researchers have uncovered a critical vulnerability that could lead to DNS spoofing attacks in two popular C standard libraries that provide functions for common DNS operations. Nozomi Networks Labs found the vulnerability in the uClibc and uClibc-ng libraries, which provide functions to perform common DNS operations such as lookups or translating domain names to…
Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. Researchers at Singapore-based cybersecurity company Group-IB recently discovered thousands of databases exposed to the internet that could have been exploited when they were left unprotected. The Attack Surface Management team at Group-IB said it constantly scans the IPv4…
Ransomware just keeps getting worse, it seems. Cybersecurity researchers last week revealed that a new ransomware gang called Onyx is simply destroying larger files rather than encrypting them. As the MalwareHunterTeam noted in a Twitter thread, “as the ransomware they are using is a trash skidware, it’s destroying a part of the victims’ files.” The…
The Microsoft 365 Defender Research Team has revealed several new Linux vulnerabilities collectively dubbed “Nimbuspwn.” Like the Dirty Pipe vulnerability, they only need a local user with low capabilities to elevate privileges, but this time the exploit seems much more specific and focuses on “networkd-dispatcher,” a systemd component that handles connection status changes. The Nimbuspwn…
U.S. cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. Topping the list were the Log4Shell vulnerability and Microsoft bugs ProxyShell and ProxyLogon. Microsoft occupied more than half the list, with Exchange Server accounting for eight of the vulnerabilities. VMware, Atlassian, Pulse Secure and…