Laravel Lang packages hijacked to deploy credential-stealing malware

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various ...

Trend Micro warns of Apex One zero-day exploited in the wild

Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks ...

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...
Bleeping Computer

Netherlands seizes 800 servers of hosting firm enabling cyberattacks

Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation ...

Why Chargebacks are Just One Piece of the Fraud Puzzle

Fraud losses don't stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS ...

Ubiquiti patches three max severity UniFi OS vulnerabilities

Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges.

Apple blocked over $11 billion in App Store fraud in 6 years

Apple revealed that it blocked over $11 billion in fraudulent App Store transactions over the last six years, more than $2.2 ...

Max severity Cisco Secure Workload flaw gives Site Admin privileges

Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to ...

Hackers bypass SonicWall VPN MFA due to incomplete patching

Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN ...
Bleeping Computer

US and Canada arrest and charge suspected Kimwolf botnet admin

U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide.

Police seize “First VPN” service used in ransomware, data theft attacks

A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a ...