- "Google Shells Out $600,000 for OSS-Fuzz Project Integrations": Google recently announced an extension to its OSS-Fuzz rewards program, an initiative meant to reward contributors for integrating projects into OSS-Fuzz. Launched in 2016, OSS-Fuzz is intended to help identify vulnerabilities in open source…
- "HPE, NetApp Warn of Critical Open-Source Bug": Hewlett Packard Enterprise (HPE) has issued an alert regarding its OneView infrastructure management platform, warning of a use-after-free vulnerability that enables remote attackers to execute arbitrary code on targeted systems, leak data, and more. The…
- "Experts Warn of Two Flaws in Popular Open-Source Software ImageMagick": Researchers at Metabase Q found two security flaws in the open-source image manipulation software ImageMagick that could lead to information exposure or a Denial-of-Service (DoS) condition. ImageMagick is a free, open-source software suite for displaying…
- "Scammers Managed to Slip Crypto Apps Onto Apple, Google App Stores": According to a new report by Sophos, scammers were able to get two fraudulent apps onto both Google's Play Store and Apple's App Store, allowing them to persuade users to make fake cryptocurrency investments. Sophos researchers found Ace Pro and…
- "Number of New Common Vulnerabilities and Exposures (CVEs) Expected to Increase in 2023": The cyber insurance company Coalition predicts that in 2023, there will be more than 1,900 new Common Vulnerabilities and Exposures (CVEs) every month, including 270 high-severity and 155 critical-severity vulnerabilities, a 13 percent rise from 2022.…
- "Andersen Corporation Leaks Customer Home Photos and Addresses": The Cybernews research team found an unprotected Azure storage blob holding around one million files belonging to Renewal by Andersen, a subsidiary of the international Andersen Corporation, on January 18, 2023. Andersen Corporation is the largest maker…
- "Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry": Since at least September 2022, a new attack campaign has been targeting the gaming and gambling industries. The cybersecurity firm Security Joes is monitoring the activity cluster named "Ice Breaker," saying that the attacks use social engineering…
- HoTSoS 2023: Registration Open March 7th! The Hot Topics in the Science of Security (HoTSoS) Symposium is a research event centered on the Science of Security, which aims to address the fundamental problems of security in a principled manner.…
- "New HeadCrab Malware Infects 1,200 Redis Servers to Mine Monero": Since September 2021, new stealthy malware dubbed HeadCrab has infected over 1,000 vulnerable Redis servers in order to form a botnet that mines the Monero cryptocurrency. The malware, discovered by Aqua Security researchers, has infected at least 1,200…
- "Vulnerability in Cisco Industrial Appliances Is a Potential Nightmare": Some of Cisco's industrial routers, gateways, and enterprise wireless access points were discovered to contain a high-severity vulnerability, tracked as CVE-2023-20076. This now-patched vulnerability could be used to inject malicious code that cannot be…
- "Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms": The North Korean Lazarus Group launched a cyberattack campaign against medical research and energy organizations for espionage purposes. The attribution was made by threat intelligence analysts at WithSecure, who uncovered the campaign while…
- "City of London on High Alert After Ransomware Attack": A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. Ion Cleared Derivatives released a brief statement on Tuesday saying that it…