News
  • "New Chaes Malware Variant Targets Banking and Logistics Industries"
    A new variant of the Chaes malware called Chae$4 targets the banking and logistics industries along with major content management platforms. According to researchers at Morphisec, Chae$4 has targeted customers of platforms and banks such as Mercado Libre…
  • "CISA Announces Secure by Design Pledge with K-12 Education Technology Providers"
    The US Cybersecurity and Infrastructure Security Agency (CISA) has announced a voluntary pledge for manufacturers of K-12 Education Technology software to design products with improved security. CISA has received commitments from six K-12 software…
  • "Chrome 116 Update Patches High-Severity Vulnerabilities"
    Google recently announced the release of a Chrome 116 update that patches four high-severity vulnerabilities reported by external researchers. Tracked as CVE-2023-4761, the first bug is described as an out-of-bounds memory access issue in the FedCM…
  • "Rogue Chrome Extensions Can Steal Passwords From Websites Such as Gmail, Amazon & Facebook"
    University of Wisconsin-Madison researchers have developed a Proof-of-Concept (PoC) Chrome extension that can steal plaintext passwords from the HTML source code of nearly any website. In a recently published paper, the researchers detailed how a…
  • "Android Zero-Day Patched With September 2023 Security Updates"
    Google recently announced that Android's September 2023 security updates contain patches for 32 vulnerabilities, including one that has been exploited in attacks. Tracked as CVE-2023-35674, the zero-day flaw is described as a high-severity…
  • "Thousands of Popular Websites Leaking Secrets"
    Security researchers at Truffle Security warn that thousands of the domains in the Alexa top 1 million websites list are leaking secrets, including credentials. The researchers noted that 4,500 of the analyzed websites exposed their .git directory…
  • "MITRE & CISA Release Open-Source MITRE Caldera Extension for Operational Technology"
    MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, enabling security teams to conduct automated adversary emulation exercises focused on Operational Technology (OT) threats. The first Caldera for OT…
  • "Avoidable Digital Certificate Issues Fuel Data Breaches"
    According to a report by AppViewX and Forrester Consulting, of the organizations that have experienced data breaches, 58 percent were due to problems with digital certificates. Fifty-seven percent revealed that their organizations have incurred…
  • "Researchers Discover Critical Vulnerability in PHPFusion CMS"
    Researchers have discovered what they describe as a critical vulnerability in the open-source Content Management System (CMS) PHPFusion, which is widely used. The vulnerability, tracked as CVE-2023-2453, is an authenticated local file inclusion flaw that…
  • "W3LL Phishing Kit Hijacks Thousands of Microsoft 365 Accounts, Bypasses MFA"
    A threat actor known as W3LL developed a phishing kit to circumvent multi-factor authentication (MFA) and other tools. Over 8,000 Microsoft 365 corporate accounts have been compromised by the phishing kit. In ten months, security researchers discovered…
  • "Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant"
    The Iranian threat actor APT34 has been linked to a new phishing attack that deploys a variant of the SideTwist backdoor. According to NSFOCUS Security Labs, APT34 has a high level of attack technology, the ability to design different intrusion methods…
  • "Carmakers Are Failing the Privacy Test. Owners Have Little or No Control Over Data Collected"
    A new study reveals that most major car makers acknowledge they may be selling users' personal information. However, they are vague about the buyers. Half of them would share such information with the government or law enforcement without a court order.…