Threats and Risks
Google researchers disclose high-severity vulnerability affecting GitHub
The bug makes GitHub Action's workflow commands vulnerable to injection attacks, according to researchers
A quarter of cyber security incidents are Covid-related, NCSC
Security agency reports a 20 per cent increase in the total number of incidents compared with the annual average
Google reveals details of Windows zero-day vulnerability
Hackers are exploiting the vulnerability, in combination with a separate Chrome bug, to launch attacks
Russian cyber actors are targeting national parliaments and ministries of foreign affairs, US agencies warn
Hackers used ComRAT and Zebrocy malware in these attacks
Cyber actors are attempting to exploit Windows Zerologon and Oracle security flaws, researchers warn
The vulnerabilities have already been addressed but many systems remain unpatched
US hospitals under 'imminent threat' of ransomware attack, say CISA and the FBI
'Brazen, heartless and disruptive threat actors' deliberately targeting health facilities during the pandemic
US federal agencies warn organisations of global hacking campaign by North Korean Kimsuky group
The group is specifically interested in gaining intelligence on issues related to the Korean peninsula
US blacklists Russian research institute over dangerous Triton malware
The malware was used to target a petrochemical facility in the Saudi Arabia in 2017
Russian APT group 'Energetic Bear' attacking state and local networks
There's no evidence to suggest that the group has been able to compromise the integrity of elections data
Iran is sending emails to intimidate voters, US officials claim
The message warns recipients with consequences if they don't vote for Trump in 2020 Presidential Election
NSA details top 25 vulnerabilities to patch immediately
The NSA says Chinese state-sponsored hackers are actively exploiting these bugs in the wild
Microsoft addresses RCE bugs in Windows Codecs Library and Visual Studio Code
CISA is advising users and admins to patch their systems as soon as possible
Emotet malware using fake Windows Update templates
The templates trick users into enabling malicious macros in Office documents
Adobe fixes two critical bugs impacting its Magento e-commerce platform
The company is advising users to update their installation to the newest version as soon as possible
Hackers posing as notorious APT groups threaten organisations with DDoS attacks
The new and unidentified hacking group is masquerading as other, infamous groups to convince firms to pay its ransom demands
Microsoft patches 87 vulnerabilities in October 2020 Patch Tuesday update
Twelve of them are listed as 'Critical'
Microsoft leads offensive against TrickBot infrastucture ahead of US election day
The US government and cyber security experts see ransomware attacks as one of the biggest threats to the upcoming elections
Russian-speaking hackers use 'MontysThree' toolset on industrial targets
The attacks have been ongoing since 2018
Kaspersky uncovers second-ever UEFI-based malware attacks
Because UEFI lives within a flash memory chip, any malware injected into it can survive reboots, formats and OS reinstalls
Iranian APT group actively exploiting ZeroLogon vulnerability
Microsoft is again urging IT admins to patch their systems to protect data from hackers
Curbing the rise of fake domains and misinformation campaigns
A failure to curb the growing problem of misinformation could have serious repercussions for the Internet and for society as a whole
Ransomware incidents 'appeared to explode' in June: IBM
The number of ransomware attacks in the second quarter of 2020 was around three times higher than in Q1
Over 247,000 Microsoft Exchange Servers remain unpatched for serious RCE bug
The CVE-2020-0688 flaw is being actively exploited in the wild, US federal agencies warned earlier this month
Windows XP source code leaked online
The source, going by the name billgates3, claimed that the source code has been circulating privately for many years
Most read
