Security researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the cyberattack.

The PayPal vulnerability was discovered in February 2020 by a security researcher who goes by the name Cr33pb0y, who was paid $2,900 as part of HackerOne’s bug bounty program.

As researchers continue to block new attack vectors, actors behind Agent Tesla malware have been found launching new variants designed to infect Microsoft Antimalware Scan Interface (AMSI) itself.

Threat actors continue to upgrade their attack arsenal. Now, researchers reported a cyberespionage campaign using the new LodaRAT to spy on Android and Windows users in Bangladesh.

An Iranian APT masquerading as the Ministry of Foreign Affairs of Kuwait and the UAE National Council is using a remote management tool called ConnectWise Control in a cyberespionage campaign.

By the time law enforcement intervened, Emotet had infected more than 1.6 million machines and caused hundreds of millions of dollars in damage.

The vulnerability in Chess.com’s API could have been exploited to access any account on the site. It could also be used to gain full access to the site through its admin panel.

The expose included live details such as location, whether the microphone was active, and the name of the WiFi network that the camera is connected to, along with information about the webcam owner such as email addresses.

The Internal Revenue Service (IRS) has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs).

The researchers also discovered that botnets and attackers behind malware and phishing email attacks are relying on “fast-churning campaigns” where the same template will hit an average of no more than 1,000 potential victims.