According to a new advisory recently shared by security company Cyfirma with Infosecurity, the discovered vulnerabilities could have been exploited to target almost 1000 systems.

Hospitality company Sonder has confirmed a data breach that has potentially compromised guest records. According to a security update published on Wednesday, Sonder learned of unauthorized access to one of its systems on November 14.

Template injection attacks are a form of living off the land (LotL) attack used by adversaries to inject a malicious URL in a document to render a malicious template hosted on a local or remote machine.

The findings were described in a new advisory published by the Cybereason Global SOC (GSOC) team earlier today, highlighting several Black Basta infections using QakBot beginning on November 14, 2022.

The inner workings of yet another ransomware group have been laid bare after internal messages were leaked online, suggesting the Yanluowang group was actually run by Russian speakers.

Sports betting site DraftKings has promised to reimburse an undisclosed number of customers after they lost $300,000 through a suspected credential-stuffing attack campaign.

Security researchers at CloudSEK shared the data with Infosecurity before publication, adding that 32 of the above applications were found to have critical Admin secrets hardcoded and that the team had identified 57 unique admin keys so far.

Private equity firms are failing to adequately manage cyber risk in their portfolio companies, with a fifth (19%) of such businesses found to feature easily exploitable vulnerabilities, according to BlueVoyant.

As per security researchers at Armorblox, a credential phishing attack reportedly targeted 22,000 students at national educational institutions with a campaign impersonating Instagram.

The infamous LockBit ransomware variant remained the most widespread in the third quarter of 2022, accounting for over a fifth (22%) of detections, according to a new report from Trellix.