Malware researchers warn about a stealthy backdoor program that has been used by a Chinese threat actor to compromise Linux servers around the world.
The Operation CuckooBees campaign used zero-day exploits to compromise networks and leveraged Windows' Common Log File System to avoid detection.
The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.
The Bumblebee downloader has deployed open source penetration testing tools like Cobalt Strike and is delivered through spear-phishing campaigns.
Although the vulnerabilities were patched server-side, they allowed privilege escalation and authentication bypass.
Among the over 100 vulnerabilities fixed by Microsoft during the past week in its monthly patch cycle is one that has the security community very worried.
The new cryptomining malware is written in Go for easier deployment and uses Amazon Web Services' own open-source Go libraries.
More tools to identify vulnerable applications and options to mitigate the risk from Spring4Shell are also now available.
A remote code execution vulnerability in Spring Framework has sparked fears that it could have a widespread impact across enterprise environments.
A new ransomware operation dubbed LokiLocker has slowly been gaining traction since August among cyber criminals, researchers warn.
The dangerous Linux privilege escalation flaw dubbed Dirty Pipe that was recently disclosed could also impact applications and systems.
Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.
Security researchers have found several vulnerabilities affecting many models of APC Smart-UPS uninterruptible power supplies that could be exploited.
The Axeda platform, used by hundreds of Internet of Things devices, has seven vulnerabilities, three of which allow for remote code execution.
The hacker group that recently broke into systems belonging to Nvidia has released two of the company's old code-signing certificates.