The recently-patched flaw could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Go to Source

This could mark yet another reinvention for the VenusLocker group, which has mostly been focused on cryptomining this year. Go to Source

The Cosmos Bank incident is only the latest, not the last, thanks to lagging security practices. Go to Source

The unpatched flaw would allow a bad actor to execute information-exfiltrating malware, backdoors, ransomware or any other kind of bad code he or she chose. Go to Source

A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT. Go to Source

The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF. Go to Source

Cryptocurrency angel investor Michael Terpin seeks damages for “gross negligence” by the carrier, alleging it turned a blind eye to store employees’ malicious activities. Go to Source

An analysis of the world’s most-visited websites shows that vulnerable software, too much active content and large amounts of code execution open visitors to a raft of potential dangers. Go to Source

A new downloader, which has been spotted in an array of recent email campaigns, uses anti-analysis techniques and calls in a system fingerprinting module. Go to Source

Trickbot is back, this time with a stealthy code injection trick. Go to Source