In a study of 146 web applications, Timo Longin, security researcher at SEC Consult, found misconfigurations that malicious actors could exploit to redirect password reset emails to their own servers.
Of those Australians who encountered a scam in 2021, 9% lost money as a result, a three percentage point increase on 2018, and slightly higher than the global average of 7%.
The LemonDuck malware is targeting both Windows and Linux systems via phishing emails, exploits, USB devices, and brute force attacks, as well as critical on-premises Exchange Server vulnerabilities.
Issues involving APIs didn't just hold businesses back in their plans to roll out new apps. They also cost valuable time and resources if an attack eventually happens.
According to GitHub, there are four main areas of improvement for supply chain security for Go modules, including its Advisory Database, dependency graph, Dependabot, and automatic pull requests.
Apple has rolled out security updates to address dozens of iOS and macOS vulnerabilities, including a severe iOS bug dubbed WiFiDemon that could lead to denial of service or arbitrary code execution.
Discord has a malware problem. And although the platform is predominantly used by gamers, it turns out even users who have never interacted with the platform are at risk.
Avos is a relatively new ransomware that was observed in late June and early July. Its authors announced recruitment for “pentesters with Active Directory network experience” and “access brokers.”
South Africa’s state-owned firm Transnet said that it had identified and isolated the source of disruption to its IT systems that impacted its container terminals. As per Reuters, the freight logistics firm was hit by a suspected cyberattack.
A bipartisan group of senators is pushing a bill that would require CISA to identify and respond to vulnerabilities and threats that target industrial control systems. The House has already passed a similar measure.