A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software.

Security vulnerabilities found in Point-of-sale (PoS) terminals produced by two of the biggest manufacturers of these devices in the world could have allowed cybercriminals to do a lot of damage.

Two new backdoors have been attributed to the Molerats advanced persistent threat (APT) group, which is believed to be associated with the Palestinian terrorist organization Hamas.

Microsoft has not said when or if it will patch the vulnerability, but the tech giant pointed out that “this technique requires an attacker to have already compromised the target machine to run malicious code.”

Bug bounty researcher “Tabahi” (ta8ahi) found the issue, described as a site-wide cross-site request forgery (CSRF) bug deserving of a 9 – 10 severity score. The vulnerability impacts the Glassdoor web domain.

Buggy firmware opens a number of D-Link VPN router models to zero-day attacks. The flaws, which lack a complete vendor fix, allow adversaries to launch root command injection attacks that can be executed remotely and allow for device takeover.

Unit 42 researchers uncovered a novel Linux-based cryptocurrency mining botnet that exploits a disputed PostgreSQL remote code execution (RCE) vulnerability that compromises database servers for cryptojacking.

A team at vpnMentor found the massive Instagram click farm operation thanks to a completely unsecured Elasticsearch database it was using, connected to the public-facing internet.

The European Council voted to locate the EU’s future cybersecurity research hub in Bucharest, Romania’s capital. Named the European Cybersecurity Industrial, Technology and Research Competence Centre,, the new hub is set to start operating next year.

A potential remote code execution (RCE) vulnerability has been patched in one of Starbucks’ mobile domains. A CVE has not been issued for the critical vulnerability but a severity score of 9.8 has been added to the report.