Zeljka Zorz

3CX compromise: More details about the breach, new PWA app released
3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting …

Microsoft patches zero-day exploited by attackers (CVE-2023-28252)
It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About …

Apple rushes fixes for exploited zero-days in iPhones and Macs (CVE-2023-28205, CVE-2023-28206)
Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities (CVE-2023-28205, CVE-2023-28206) in macOS, iOS and iPadOS. Reported by …

Rilide browser extension steals MFA codes
Cryptocurrency thieves are targeting users of Chromium-based browsers – Google Chrome, Microsoft Edge, Brave Browser, and Opera – with an extension that steals …

Rorschach ransomware deployed by misusing a security tool
An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check …

Flood of malicious packages results in NPM registry DoS
Attackers are exploiting the good reputation and “openness” of the popular public JavaScript software registry NPM to deliver malware and scams, but are also …

Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359)
When Adobe released security updates for its ColdFusion application development platform last month, it noted that one of the vulnerabilities (CVE-2023-26360) had been …

3CX supply chain attack: What do we know?
Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software’s manufacturer is yet to confirm how the …

Western Digital network security incident and service outage
US-based data storage company Western Digital has announced that it has suffered a network security incident that resulted in an unauthorized third party gaining access to a …

Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)
Attackers are exploiting a critical vulnerability (CVE-2022-47986) in the IBM Aspera Faspex centralized file transfer solution to breach organizations. About CVE-2022-47986 …

3CX customers targeted via trojanized desktop app
Suspected state-sponsored threat actors have trojanized the official Windows desktop app of the widely used 3CX softphone solution, a number of cybersecurity companies began …

Microsoft unveils AI-powered Security Copilot analysis tool
Microsoft has unveiled Security Copilot, an AI-powered analysis tool that aims to simplify, augment and accelerate security operations (SecOps) professionals’ work. …
Featured news
Resources
Don't miss
- Is privacy becoming a luxury? A candid look at consumer data use
- Unpatched Windows Server vulnerability allows full domain compromise
- Signal blocks Microsoft Recall from screenshotting conversations
- The hidden gaps in your asset inventory, and how to close them
- CTM360 report: Ransomware exploits trust more than tech