The Russian government continues to use an array of phishing attacks and information operations, including hack-and-leak efforts, to support its invasion of Ukraine, researchers reported.

Oracle on Tuesday announced the release of 433 new patches as part of its quarterly set of security updates, including more than 70 fixes for critical-severity vulnerabilities.

Misconfigured web servers remain a “major problem” with thousands left exposed online waiting for hackers to gain access to valuable information that’s left up for grabs, according to a recent report from the security company Censys.

A recently detected Android malware named ‘Goldoson’ has made its way into Google Play and has been found in 60 legitimate applications, which have been downloaded a total of 100 million times. Users are suggested to always perform due diligence, especially for new apps without good reviews.

The malware is currently still in development and is receiving continuous improvement updates designed to make it a more potent and effective tool for attackers and a threat to defenders.

The component that makes Aurora’s delivery stealthy and dangerous is a highly evasive loader we named “in2al5d p3in4er.” It is compiled with Embarcadero RAD Studio and targets endpoint workstations using an advanced anti-VM technique.

A security researcher has released, yet another sandbox escape proof of concept (PoC) exploit that makes it possible to execute unsafe code on a host running the VM2 sandbox.

Across all BEC attacks seen over the past year, 57% of them relied on language as the main attack vector to get them in front of unsuspecting employees, according to Armorblox.

While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary’s use of the SimpleHelp remote support software in June 2022.

The North Carolina–based company, which designs and manufactures network infrastructure products for a range of customers, including hospitals, schools, and U.S. federal agencies, was listed on the data leak site of the Vice Society ransomware gang.