Hackers are actively exploiting password-stealing flaw in Zimbra
The Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra CVE-2022-27824 flaw to its ‘Known Exploited Vulnerabilities Catalog,’ indicating
Twitter confirms zero-day used to expose data of 5.4 million accounts
Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone
Slack resets passwords after exposing hashes in invitation links
Slack notified roughly 0.5% of its users that it reset their passwords after fixing a bug exposing salted password hashes when creating
DuckDuckGo browser now blocks all third-party Microsoft trackers
DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing
Facebook finds new Android malware used by APT hackers
Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage
Critical RCE vulnerability impacts 29 models of DrayTek routers
Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor
Hackers try to extort survey firm QuestionPro after alleged data theft
Hackers attempted to extort the online survey platform QuestionPro after claiming to have stolen the company’s database containing respondents’ personal
DHS warns of critical flaws in Emergency Alert System devices
The Department of Homeland Security (DHS) warned that attackers could exploit critical security vulnerabilities in unpatched Emergency Alert System (EAS)
New Traffic Light Protocol standard released after five years
The Forum of Incident Response and Security Teams (FIRST) has published TLP 2.0, a new version of its Traffic Light