Researchers at Leiden Institute of Advanced Computer Science find many fake proof-of-concept (PoC) exploits for vulnerabilities on GitHub, many of them including malware.

The Dutch National Police trick the DeadBolt ransomware gang, by reversing the Bitcoin ransom payments, after receiving the decryption keys for multiple victims.

Mandiant uncovers a new type of malware that targets ESXi Hypervisors, Linux vCenters and SAN arrays, through which attackers gain undeteced privileged access to the underlining virtual machines.

Attackers spam users with MFA push notifications, until they finally accept by error or just because they are overwhelmed. This is becoming more common way of bypassing MFA.

Microsoft releases Defender standalone for Android, Apple iOS, macOS and of course Windows, for customers having a Microsoft 365 home or business subscription

CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination

The Five Eyes (FVEY) intelligence alliance warns managed service providers (MSPs) and their customers around increasing supply chain attacks.

Apple, Google and Microsoft today jointly announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium

Windows Autopatch will keep Windows and Office software on enrolled endpoints up-to-date automatically

Trend Micro Threat Research identify malicious actors actively exploiting the Spring4Shell vulnerability to weaponize and execute the Mirai DDoS botnet malware.