Hackers are now spreading malware using Microsoft OneNote attachments in phishing emails, infecting victims using remote access malware that can be used to install additional malware, steal passwords, or even cryptocurrency wallets.

Researchers found a highly sophisticated scheme in which cybercriminals exploited the limited signal available to the verification partners in their targeted environment, including in-app advertising mainly on iOS.

BitKeep says it will compensate victims of a December 2022 hack that cost users $8 million. BitKeep says hacking victims will receive half their stolen funds by the end of February, with the remaining funds slated for payment by the end of March.

Drupal this week announced software updates that resolve a total of four vulnerabilities in Drupal core and three plugins, and which could lead to unauthorized access to data.

Vulnerability management issues are a common problem for many healthcare entities and can become an even bigger concern when unremediated issues are left to linger for years.

More than three-quarters of manufacturing organizations harbor unpatched high-severity vulnerabilities in their systems. New telemetry from SecurityScorecard shows a year-over-year increase in high-severity vulnerabilities in those organizations.

Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says the Vice Society ransomware gang has stolen files containing contractors’ personal information, including Social Security Numbers (SSNs).

Unauthenticated attackers can exploit the critical severity auth bypass flaw remotely via specially crafted HTTP requests sent to the vulnerable routers’ web-based management interface to gain root access.

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking.