Zoom disclosed the details about the sensitive security gaps that were affecting both the standard and IT admin versions of the application. The bugs could be exploited in Zoom’s update process.

Secure Boot is a mechanism designed to protect a device’s boot process from attacks, and bypassing it can allow an attacker to execute arbitrary code before the operating system loads.

South Staffordshire Water, which is a source of drinking water to 1.6 consumers, suffered IT disruption from a cyberattack. However, the safety and water distribution systems are still operational.

The criminals make contact with their targets via email, and for this, they register new accounts with different consumer email providers, and they use email addresses or alias designed to look like a legitimate person.

The Russian Gamaredon actor has been found using the GammaLoad.PS1 delivery chain against Ukrainian entities to steal files and credentials. The attacker group was recently linked to a similar series of social engineering attacks.

China-backed Iron Tiger APT compromised the servers of MiMi – an instant messaging application available on Windows, macOS, Android, and iOS chat applications, for a supply chain attack.

BharatPay, an Indian finance service, leaked PII and sensitive financial data of users. Researchers found that transaction data and API keys of online bill payment facilitators such as Patchway Recharge and Mr. Robotics were also exposed.

Microsoft has reportedly dismantled phishing operations by a highly persistent threat actor. Researchers have spotted SEABORGIUM intrusions that abuse OneDrive to host PDF files that contain a link to the malicious URL.

A macOS bug in its software update system could allow attackers to access all files on Mac devices. A generic process injection vulnerability can be used to escape the sandbox, elevate privileges to root and to bypass SIP’s filesystem restrictions.

We're creating a potential gateway for a bad actor to exploit every time we create a password that leads to a critical resource, whether that password is meant for an internal or external user.