Malicious PyPI Code Packages Rack Up Thousands of Downloads

The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more. Three malicious packages hosted in the Python Package Index (PyPI) code repository have…

All You Need to Know About the New Zero-Day Found in the Log4j Java Library

Log4j 2 is a Java logging library that is open source and extensively used in a variety of software applications and services throughout the world. The flaw gives threat actors…

Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool

Apache has released Log4j version 2.15.0 to address the critical RCE vulnerability and users are urged to apply the update immediately. The Apache Foundation’s Log4j is a widely used open-source…

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” An excruciating, easily exploited flaw in the ubiquitous…

This decade-old malware has picked up some nasty new tricks

Qakbot, a top trojan for stealing bank credentials, has in the past year started delivering ransomware and this new business model is making it harder for network defenders to detect…

Malware distribution in public repositories highlighted by malicious npm packages stealing Discord tokens

Ransomware Alert! Why AV and EDR are Failing and How to Better Secure your Company

Ransomware attacks are soaring. By the end of this year, the global costs incurred by ransomware will be more than $20 billion annually – 57 times what they were in…

SMA 100 flaws in SonicWall VPN expose devices to remote takeover

If exploited, an unauthenticated, remote attacker can execute code as a “nobody user” in the device, meaning the attacker would get root access and gain full control of the device. SonicWall,…

Credit Card Swipers Injected into WordPress Plugins

As the holiday season is approaching, more and more people rush to finish their Christmas shopping without being aware of the fact that cybercriminals don’t take time off for…

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm)…