The FBI first learned of Diavol ransomware in October 2021. The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.

McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.

By the Common Vulnerability Scoring System (CVSS) v3.1 scoring test, the new Linux Kernel vulnerability scored a solid 7.7. That's considered a high-security vulnerability.

Security researchers at FortiGuard Labs recently came across an example of such an email which was subsequently found to harbor a variant of the STRRAT malware as an attachment.

The flaws, classified as medium severity, are tracked as CVE-2021-41182, CVE-2021-41183, and CVE-2021-41184, and they have been patched with the release of jQuery UI 1.13.

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.

New Emotet spam campaigns were found using hexadecimal and octal representations of IP addresses, likely to evade detection via pattern matching. Both routines try to trick users into enabling macros.

Cybercriminals looking to capitalize on the Log4Shell vulnerability are attacking devices from SolarWinds and ZyXEL that are known to have used the Log4j library inside their software.

A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues.

Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group (also known as Winnti).