Flagged by researchers Erye Hernandez and Clément Lecigne of Google’s Threat Analysis Group and Ian Beer of Google Project Zero, the vulnerability is a type confusion issue found in XNU, the kernel of Apple’s macOS and iOS operating systems.

Guardicore security researcher Amit Serper has discovered a severe design bug in MIcrosoft Exchange’s autodiscover – a protocol that lets users easily configure applications such as Microsoft Outlook with just email addresses and passwords.

The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile European Union officials, journalists, and the general public.

The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.”

The vulnerability could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from an SMA 100 series appliance and gain administrator access to the device.

Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability, tracked as CVE-2021-37973, exploited in the wild.

In a letter sent to affected customers, GSS officials said they took down all internal systems affected by the attack earlier and are currently using Google-based systems as an alternative.

Numerous security vulnerabilities have been identified and fixed in Apache HTTP Server 2.4, including high-impact server-side request forgery (SSRF) and request smuggling bugs.

During the last few months, the LockBit gang decided to develop and evolve a custom tool specialized in data exfiltration and used as a peculiar element to distinguish their criminal brand.

The findings from the Comparitech study show that Wall Street investors are largely unconcerned with ransomware attacks aside from a very brief sell-off when news of the attack is first published.