Zero Day

JUNE 17, 2025

Those codes are supposed to serve as two-factor authentication to confirm our identity and prevent scammers from accessing our accounts through a password alone. Here's how it happened and why it's a problem. Written by Lance Whitney, Contributor June 17, 2025 at 11:25 a.m.

Authentication 95

Authentication Password Management Small Business Passwords 95

Krebs on Security

JULY 11, 2023

today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Almost as soon as the patch went out, Apple pulled the software because it was reportedly causing problems loading certain websites.

Software 254

Software Malware Antivirus Ransomware 254

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Krebs on Security

SEPTEMBER 13, 2023

11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus , while promising to visit the same treatment on top U.S. By stealing these tokens, attackers can often reuse them in their own web browser, and bypass any authentication normally required for that account.

Cybercrime 344

Cybercrime Passwords Authentication Malware 344

Krebs on Security

SEPTEMBER 12, 2023

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Tracked as CVE-2023-36761 , it is flagged as an “information disclosure” vulnerability.

Spyware 316

Spyware Software Surveillance Authentication 316

Tech Republic Security

AUGUST 11, 2023

Looking for an alternative to Google Authenticator? Here's our comprehensive list covering the top competitors and alternatives to help you find your best fit.

Authentication 148

Authentication Software Mobile 148

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. According to BetterCloud, the average number of software as a service (SaaS) applications used by organizations worldwide has increased 14x between 2015 and 2021.

Authentication 222

Authentication CISO Software Passwords 222

Security Affairs

JANUARY 12, 2024

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz.

Authentication 144

Authentication Software Passwords Hacking 144

Security Affairs

NOVEMBER 9, 2024

Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. Some of these VPNs were running unsupported software versions.” reads the advisory.

Backups 134

Backups Ransomware VPN Accountability 134

Zero Day

JUNE 6, 2025

Affecting "nearly all AT&T cellular customers," the company said at the time that the data included phone numbers and certain phone call data stemming from May 1, 2022, to October 31, 2022, and on January 2, 2023. " Also:  Stop paying for antivirus software.

Password Management 128

Password Management Passwords Software Artificial Intelligence 128

Security Affairs

OCTOBER 2, 2023

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. It was a bit shocking that we were able to reach the deserialization sink without any authentication.” The vulnerability was discovered by researchers at the cybersecurity firm Assetnote.

Authentication 131

Authentication Software Internet Internet 131

SecureWorld News

NOVEMBER 13, 2024

The MOVEit vulnerability (CVE-2023-34362), first exploited in May 2023, allowed unauthenticated attackers to gain unauthorized access to vulnerable systems. The MOVEit data theft and extortion attacks in May 2023 impacted a significant number of individuals and organizations globally.

Data breaches 117

Data breaches Identity Theft Education Software 117

Security Affairs

DECEMBER 17, 2024

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called HiatusRAT that infected over 100 edge networking devices globally. Starting in mid-June through August 2023, Black Lotus Labs observed multiple newly compiled versions of the HiatusRAT malware discovered in the wild.

Architecture 109

Architecture Internet Internet Malware 109

Krebs on Security

FEBRUARY 13, 2024

today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Microsoft Corp.

Engineering 303

Engineering Internet Internet Software 303

The Hacker News

SEPTEMBER 28, 2023

Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6.

Software 136

Software Authentication 136

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. Implement Passwordless Strong Authentication Strong authentication is crucial in enhancing cybersecurity.

Cybersecurity 148

Cybersecurity Cyber threats Authentication Phishing 148

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT. 200 and 162.35.92[.]242

Authentication 138

Authentication Ransomware VPN Hacking 138

eSecurity Planet

OCTOBER 6, 2023

That makes email security software a worthwhile investment for organizations of all sizes. We analyzed the market for email security tools and software to arrive at this list of 7 top email security solutions, including their standout features, limitations and ideal use cases, followed by issues prospective buyers should consider.

Software 131

Software Phishing Mobile Threat Detection 131

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. ” The flaw affects products if they are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software and have the GDOI or G-IKEv2 protocol enabled.

VPN 135

VPN Software Encryption Authentication 135

Security Affairs

OCTOBER 4, 2023

Atlassian fixed a critical zero-day flaw in its Confluence Data Center and Server software, which has been exploited in the wild. Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software.

Software 143

Software Accountability Authentication Internet 143

Security Affairs

SEPTEMBER 30, 2023

Progress Software has addressed a critical severity vulnerability in its WS_FTP Server software used by thousands of IT teams worldwide. A pre-authenticated, remote attacker could leverage a.NET deserialization issue in the Ad Hoc Transfer module to execute arbitrary commands on the underlying WS_FTP Server operating system.

Software 132

Software Authentication Hacking Information Security 132

The Hacker News

NOVEMBER 16, 2023

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. The flaw, tracked as CVE-2023-37580 (CVSS score:

Software 135

Software Authentication 135

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. In January 2024, U.S.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

SecureWorld News

APRIL 23, 2025

Their exits have raised concerns about the future of the Secure by Design program, which has been a cornerstone of CISA's efforts to enhance software security across the private sector. Zabierek, who previously led the Cyber Security Project at Harvard's Belfer Center, joined CISA in 2023.

Manufacturing 95

Manufacturing Software Cybersecurity Authentication 95

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix. NetScaler ADC 13.1-FIPS

Authentication 136

Authentication VPN Hacking Government 136

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. “[the PoC code] is an example request that bypasses authentication on vulnerable instances of IOS-XE.

Internet 140

Internet Internet Software Accountability 140

SecureList

DECEMBER 6, 2024

Total number of registered vulnerabilities and number of critical ones, Q3 2023 and Q3 2024 ( download ) Q3 2024 preserved the upward trend in the number of vulnerabilities detected and registered. Most PoCs appear within a week of the developers of vulnerable software releasing a patch. The data is taken from cve.org.

Authentication 109

Authentication Software Wireless Internet 109

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Broken Authentication 5. Broken Authentication 5. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords 140

Passwords Authentication Architecture Risk 140

SecureList

MAY 14, 2024

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023. This attack vector was among the three most frequently seen in 2023.

Ransomware 131

Ransomware Authentication Passwords Government 131

Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. ” The Genesis Store had more than 450,000 bots for sale as of Mar.

Marketing 363

Marketing Cybercrime Passwords Banking 363

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 134

Phishing Banking Mobile Scams 134

Krebs on Security

SEPTEMBER 27, 2023

The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams , Adobe Reader , Mozilla Thunderbird , and Discord. The Moscow Internet address 80.66.64[.]15 com and www-discord[.]com. top , www-fortinet[.]top

Ransomware 326

Ransomware Internet Internet Phishing 326

Security Affairs

OCTOBER 18, 2023

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. ” reported Citrix.

Authentication 134

Authentication VPN Hacking Government 134

eSecurity Planet

NOVEMBER 4, 2024

EMERALDWHALE uses private software tools to abuse misconfigured web services, which helps threat actors steal cloud credentials from cloud services’ source code. October 31, 2024 CISA Flags Mitsubishi Vulnerabilities in Halloween Notice Type of vulnerability: Missing authentication for critical function and unsafe reflection.

Software 101

Software Authentication Manufacturing Encryption 101

SecureWorld News

JANUARY 16, 2025

A report from 2023 revealed that 67% of energy and utility companies faced ransomware attacks, with many incidents exploiting unpatched vulnerabilities. Strategies for protecting oil and gas infrastructure Regular updates and patching: Outdated software and hardware are the most common entry points for cyberattacks.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The company also addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2024-24697, impacting Windows software. ” reads the advisory. excluding 5.15.15

Software 140

Software Authentication Mobile Hacking 140

CyberSecurity Insiders

MARCH 17, 2023

After Rubrik, Hitachi Energy issued a public statement that some of its customer accounts might have been compromised, after a ransomware attack took place on a third-party software called Fortra GoAnywhere MFT. However, an authenticity on this info is awaited and will only be known, as the case starts unfolding, in the court of law.

Software 136

Software Ransomware Data breaches Financial Services 136