Welcome to our blog!

Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. [...] from...

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. [...] from...

Microsoft has released the optional KB5040527 preview cumulative update for Windows 11 23H2 and 22H2, which includes fixes for Windows Backup and upgrade failures. [...] from...

The U.S. State Department is offering a reward of up to $10 million for information that could lead to the identification or location of a North Korean military hacker. [...] from...

Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States. [...] from...

Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. [...] from...

The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France. [...] from...

Multivendor tech stacks are costly and complex to integrate and manage. Learn more from Cynet about how an All-in-One approach reduces costs for MSPs and SMEs, while offering increased security. [...] from...

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. [...] from...

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. [...] from...

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. [...] from...

Microsoft has fixed a known Windows 10 update issue that broke Microsoft Connected Cache (MCC) node discovery on enterprise networks. [...] from https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-windows-10-connected-cache-delivery-issues/

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices. [...] from...

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. [...] from...

CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. [...] from...

Now that the mWISE 2024 session catalog is out, it's time to take a closer look at the topics. Learn more from @mWISEConference about the three hottest tracks in this year's conference. [...] from...

Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. [...] from https://www.bleepingcomputer.com/news/microsoft/windows-july-security-updates-send-pcs-into-bitlocker-recovery/

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. [...] from...