- Google Patches Chrome’s Fifth Zero-Day of the Year »
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
- APT Lazarus Targets Engineers with macOS Malware »
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
- U.K. Water Supplier Hit with Clop Ransomware Attack »
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
- Xiaomi Phone Bug Allowed Payment Forgery »
Mobile transactions could’ve been disabled, created and signed by attackers.
- Black Hat and DEF CON Roundup »
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
- Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics »
The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.
- Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’ »
Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.
- Starlink Successfully Hacked Using $25 Modchip »
Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system
- New Hacker Forum Takes Pro-Ukraine Stance »
A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
- Cisco Confirms Network Breach Via Hacked Employee Google Account »
Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.