Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of…

Threat-Hunting Journal April 2022 – Easter Edition

What better way to remember Easter than drawing up a list of the malware Bunny’s most ‘interesting’ offerings? Can you guess who’s the winner of this year’s (malware) egg hunt?…

Bitdefender Threat Debrief | April 2022

Highlight of the month: MITRE ATT&CK Evaluations 2022 Security practitioners are familiar with the MITRE ATT&CK Framework, but they are often not familiar with another related project – MITRE ATT&CK…

Cyberattacks Rage in Ukraine, Support Military Operations

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine’s digital infrastructure. Cyberattacks against Ukraine have been used strategically to support ground campaigns,…

Log4j flaw: Thousands of applications are still vulnerable, warn security researchers

Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to cyberattacks because…

ExtraReplica: Microsoft patches cross-tenant bug in Azure PostgreSQL

Microsoft has patched a security weakness in Azure PostgreSQL which could have been exploited to execute malicious code. On Thursday, researchers from Wiz Research published an advisory on “ExtraReplica,” described…

Microsoft: Russia has launched hundreds of cyberattacks against Ukraine

Microsoft warns it saw six Russia-aligned, state-sponsored hacking groups launch over 237 cyberattacks against Ukraine starting in the weeks before Russia’s February 24 invasion. Microsoft has released an in-depth report…

Android security: We stopped billions of harmful app downloads, says Google

Google says it blocked 1.2 million apps from being published to the Google Play store because the company detected policy violations in its app review processes, preventing “preventing billions of…

The Top Exploited Vulnerabilities in 2021 Revealed by Cybersecurity Firms

Cybersecurity authorities around the world have published a list of the top 15 vulnerabilities regularly exploited by malicious actors in 2021, in collaboration with the NSA and the FBI. In…

Global Security Spending Set to Hit $198bn by 2025

Geopolitical uncertainty adds to CISOs’ headaches