The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific.

The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021, through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server.

At least 20 individuals are believed to have been targeted, Human Rights Watch (HRW) said in a report published Monday, attributing the malicious activity to an adversarial collective tracked as APT42.

Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository.

Collectively called BMC&C, the newly identified issues can be exploited by attackers having access to remote management interfaces such as Redfish, potentially enabling adversaries to gain control of the systems and put cloud infrastructures at risk.

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 ($623,256) for violating the European Union General Data Protection Regulation (GDPR) requirements.

Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September 2021.

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).