The new APT group is specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell.

Threat actors set up a page posing as the official CommerzBank page and registered multiple domains on the same IP address. Crooks used the fake website to spread fake CommerzBank apps.

In its notification to customers, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency.

Three of the security flaws fixed today by QNAP are high severity stored cross-site scripting (XSS) vulnerabilities tracked as CVE-2021-34354, CVE-2021-34356, and CVE-2021-34355.

Hackers easily take advantage of the fact that the attacks are evolving rapidly and are making use of third-party software as carriers, which is something that many organizations are not ready for.

CyberNews security researchers found that 14 top Android apps, downloaded by more than 140 million people in total, are leaking user data due to Firebase misconfigurations.

Execs lack faith in government’s ability to protect them from cyber threats, with 60% of firms believing that spending on new security tools and services is the most effective way of stopping attacks.

Google pushed out an emergency Chrome update to fix two zero-days, the second pair this month, that are being exploited in the wild. A dozen such zero-days have been found in 2021.

Of the 4.6 million customers potentially affected, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” according to a news release.