Security researchers at Detectify have discovered a series of middleware misconfigurations in Nginx config files from GitHub that could leave web applications vulnerable to attack.

Kasablanca, a hacker group, has targeted cyberattacks on at least six well-known Bangladeshi financial and government organizations, says the e-Government Computer Incident Response Team (e-Gov CIRT).

One of the worst hacks yet discovered had an impact on all four. SolarWinds and Microsoft programs were used to attack others and the hack struck at about 100 U.S. companies and nine federal agencies.

MalwareBytes reported a newly discovered threat group named LazyScripter targeting the International Air Transport Association (IATA) members, airlines, and refugees to Canada.

The feature is included in the web browser’s latest release — alongside multiple picture-in-picture views — and essentially works by keeping cookies isolated between each site you visit.

The number of ransomware attacks targeting universities has doubled over the past year and the cost of ransomware demands is going up as information security teams struggle to fight off cyberattacks.

The attack chain begins with the exploit of remote code execution (RCE) vulnerabilities impacting software including Hadoop Yarn and Elasticsearch, such as CVE-2015-1427 and CVE-2019-9082.

A joint cybersecurity advisory from the U.S. government is warning against AppleJeus malware, the Lazarus group’s new development, that masquerades as crypto trading software.

Gamers worldwide are being directly targeted with cyberattacks, mostly through credential stuffing and phishing, to pilfer account credentials and card data.