Turning IBM QRadar Alerts into Action with Criminal IP

Criminal IP now integrates with IBM QRadar SIEM and SOAR to bring external IP-based threat intelligence directly into detection and response workflows. See how risk scoring and automated enrichment ...

Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks.

CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks.

Critical BeyondTrust RCE flaw now exploited in attacks, patch now

A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access ...

Claude LLM artifacts abused to push Mac infostealers in ClickFix attack

Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries.

AMOS infostealer targets macOS through a popular AI app

AMOS infostealer is targeting macOS users by abusing popular AI apps and extension marketplaces to harvest credentials. Flare ...

Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches

South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access ...

Romania's oil pipeline operator Conpet confirms data stolen in attack

Romania's national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an ...

Windows 11 Notepad flaw let files execute silently via Markdown links

Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or ...

WordPress plugin with 900k installs vulnerable to critical RCE flaw

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can ...

Apple fixes zero-day flaw used in 'extremely sophisticated' attacks

Apple has released security updates to fix a zero-day vulnerability that was exploited in an "extremely sophisticated attack" ...

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants ...