Zeljka Zorz

Patch critical flaw in Atlassian Bitbucket Server and Data Center! (CVE-2022-36804)
A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable …

LastPass breach: Source code, proprietary tech info stolen
“An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code …

Phishing PyPI users: Attackers compromise legitimate projects to push malware
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …

How attackers use and abuse Microsoft MFA
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise …

Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)
GitLab has fixed a remote code execution vulnerability (CVE-2022-2884) affecting the Community and the Enterprise Edition of its DevOps platform, and has urged admins to …

Fake DDoS protection pages are delivering malware!
Malware peddlers are exploiting users’ familiarity with and inherent trust in DDoS protection pages to make them download and run malware on their computer, Sucuri …

Vulnerability in Amazon Ring app allowed access to private camera recordings
A vulnerability in the Android version of the Ring app, which is used to remotely manage Amazon Ring outdoor (video doorbell) and indoor surveillance cameras, could have been …

Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893)
Apple has released security updates for iOS, iPadOS, and macOS Monterey to fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities exploited by attackers in …

Microsoft makes tamper protection for macOS endpoints widely available
The tamper protection feature in Microsoft Defender for Endpoint for macOS is getting rolled out to all customers, the company has announced on Monday. The feature is meant …

DigitalOcean customers affected by Mailchimp “security incident”
A recent attack targeting crypto-related users of Mailchimp has ended up affecting users of cloud infrastructure provider DigitalOcean, the latter company has announced on …

1,900 Signal users exposed following Twilio breach
The attacker behind the recent Twilio data breach may have accessed phone numbers and SMS registration codes for 1,900 users of the popular secure messaging app Signal. …

Cisco has been hacked by a ransomware gang
U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. …
Featured news
Resources
Don't miss
- How CISOs can talk cybersecurity so it makes sense to executives
- How OSINT supports financial crime investigations
- Review: Effective Vulnerability Management
- Vuls: Open-source agentless vulnerability scanner
- Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)