Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.
Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.
Roku warns that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March.
Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks.
American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data.
The samples seen by Sophos in this week's attacks were a buhtiRansom LockBit variant dropped on 30 different customer networks and a second payload created using the leaked Lockbit builder (and dropped by a different threat actor).
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.
The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks.
Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks.
Cloudflare says the number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every previous year, indicating that the threat landscape has entered a new chapter.
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
Apple released new emergency security updates on Wednesday to patch two new zero-day vulnerabilities known to be exploited in attacks.
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered that the backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices.
Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519.