TPG Telecom, an Australian telecommunications company, has been hit by a cyberattack that has put the data of 15,000 customers at risk. On December 13, Mandiant notified the company that it had discovered evidence of unauthorized access to a hosted…

German software maker SAP recently announced the release of 14 new and five updated security notes as part of its December 2022 Security Patch Day, including four notes that address critical vulnerabilities in Business Client, BusinessObjects, NetWeaver…

Google recently announced a Chrome update that resolves eight vulnerabilities in the popular browser, including five reported by external researchers.  All five security defects are use-after-free flaws, a type of memory safety bug that has been…

The UK's financial regulator has recently warned of an increase in scams promising non-existent loans as fraudsters look to pressure consumers struggling to make ends meet before Christmas.  The Financial Conduct Authority (FCA) polled 2000 UK…

Businesses and homeowners are increasingly relying on Internet Protocol (IP) cameras for surveillance. However, this gives them a false sense of security because threat actors can access and monitor a user's camera feed and use the unsecured device to…

Apple has confirmed that a two-week-old iPhone software update fixed a zero-day security vulnerability, which it now says was actively exploited. The update, iOS 16.1.2, was released on November 30 to all supported iPhones, including the iPhone 8 and…

Google has announced the release of Open Source Vulnerability (OSV)-Scanner, a free vulnerability scanner for developers to have access to vulnerability information about open-source projects, which is said to be the largest community-editable database…

Microsoft has patched 48 new vulnerabilities in its products, including one that attackers are actively exploiting and another that was publicly disclosed but is not currently being exploited. Six of the vulnerabilities addressed in the company's final…

Praetorian has open-sourced the Nosey Parker secret scanning tool's regular expression-based (RegEx) scanning capabilities. One of the more common attack vectors for an organization is inadvertent secret disclosure. Nosey Parker addresses the pervasive…

A critical security flaw in the Amazon Elastic Container Registry (ECR) Public Gallery could have enabled attackers to delete any container image or inject malicious code into images from other Amazon Web Services (AWS) accounts. The Amazon ECR Public…

Microsoft has revealed that it took action to suspend accounts used to publish malicious drivers certified by its Windows Hardware Developer Program, which were used to sign malware. The activity was limited to a number of developer program accounts, and…

A security issue involving manufacturing keys from major device manufacturers such as LG and Samsung has opened the door for malware apps to infiltrate user devices as legitimate updates. These malware apps can grant an attacker complete system-level…