News

FTC approves $126 million in Fortnite refunds over ‘dark patterns’
The Federal Trade Commission (FTC) has approved $126,000,000 in refunds to be sent to 969,173 Fortnite players as part of a ...
Cisco warns of max severity RCE flaws in Identity Services Engine
Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities ...
Man pleads guilty to hacking networks to pitch security services
A Kansas City man has pleaded guilty to hacking multiple organizations to advertise his cybersecurity services, the U.S.
3 key takeaways from the Scattered Spider attacks on insurance firms
Identity is the new battleground—and Scattered Spider exploits it. Join Push Security to unpack how identity-based attacks are reshaping the threat landscape, and how to defend against MFA bypass, ...
Microsoft 365 'Direct Send' abused to send phishing as internal users
An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called "Direct Send" to evade detection by email ...
Microsoft fixes Outlook bug causing crashes when opening emails
Microsoft has fixed a known issue that will cause the classic Outlook email client to crash when opening emails or starting a ...
Microsoft confirms Family Safety blocks Google Chrome from launching
Microsoft has confirmed that its Family Safety parental control service is blocking users from launching Google Chrome and ...
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables ...
Hacker 'IntelBroker' charged in US for global data theft breaches
A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from ...
Hackers turn ScreenConnect into malware using Authenticode stuffing
Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden ...
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft's ClickOnce software ...
New wave of ‘fake interviews’ use 35 npm packages to spread malware
A new wave of North Korea's 'Contagious Interview' campaign is targeting job seekers with malicious npm packages that infect ...