Critical vulnerabilities in the JavaScript-based open source forum platform NodeBB could allow attackers to steal private information and access admin accounts, researchers have warned.

Researchers have discovered new cross-site data leakage attacks against modern web browsers, including Tor Browser, Firefox, Chrome, Edge, Safari, and Opera, among others.

Red Canary noted that it’s not just individuals who use KMSPico to fraudulently activate Windows as it has also noticed various IT departments using the tool which makes it a big threat in such cases.

Pip-audit leverages the PyPI JSON API to compare dependencies against the Python Packaging Advisory Database – a repository of security advisories that collects much of its data from the NVD CVE feed.

The emails offer recipients a free Omicron PCR test, which they claim will allow them to circumvent limitations. The emails purport to come from the U.K’s National Health Service (NHS).

The FTC has amended its data protection policy, the Standards for Safeguarding Customer Information, implementing tougher rules for financial institutions that process customer information.

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit, mainly selling VPN credentials stolen from various companies.

Trend Micro researchers found multiple vulnerabilities being exploited by cryptomining malware samples which were being spread through the abuse of GitHub and Netlify repositories.

Tor2Mine, a cryptominer which has been under active development since 2019, uses a PowerShell script to disable anti-malware solutions, deploy the payload, and steal Windows credentials. 

Symantec has reported a link between Thieflock and Yanluowang ransomware operations. The latter recently picked up its pace to target financial companies in the U.S. Researchers believe that the attackers are highly attack-oriented because the ransomware behavior hasn’t altered since its discovery.