Officials at Michaels, the large craft and home goods retailer, are investigating a potential data breach that has apparently affected an unknown number of cards used in the chain’s stores in the last ...

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. A China-based threat actor has ramped up efforts ...

Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior. The bloom is back on phishing attacks with criminals doubling down on fake messages ...

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. A longtime threat group identified as TA558 has ramped ...

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. Google has patched the fifth actively exploited ...

The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks. An apparently ...

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing ...

The malicious app spreads the BlackRock malware, which steals credentials from 458 services – including Twitter, WhatsApp, Facebook and Amazon. Researchers are warning of a fake version of the popular ...

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings. There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known ...

A dump of hundreds of thousands of active accounts is aimed at promoting AllWorld.Cards, a recently launched cybercriminal site for selling payment credentials online. Threat actors have leaked 1 ...

The threat actor targets institutions and companies in Europe and Asia. An advanced persistent threat (APT) group, dubbed ToddyCat, is believed behind a series of attacks targeting Microsoft Exchange ...

Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port. A hacker has published a list of credentials for more than 515,000 ...