Collaborate Disseminate
The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.
The post Researchers raise alarm about critical Next.js vulnerability appeared first on CyberScoop.
Continue reading Researchers raise alarm about critical Next.js vulnerability
Connor Moucka, a 26-year-old arrested at the behest of U.S. authorities in October in Kitchener, Ontario, faces 20 federal charges.
The post Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US appeared first on CyberScoop.
Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.
The post Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day appeared first on CyberScoop.
Continue reading Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day
Inexpensive information-stealing malware surged in 2024, infecting 23 million hosts, according to Flashpoint.
The post Infostealers fueled cyberattacks and snagged 2.1B credentials last year appeared first on CyberScoop.
Continue reading Infostealers fueled cyberattacks and snagged 2.1B credentials last year
The latest smishing scam follows a familiar process as ones the industry has seen over the past decade.
The post Who is sending those scammy text messages about unpaid tolls? appeared first on CyberScoop.
Continue reading Who is sending those scammy text messages about unpaid tolls?
Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday.
The post Lazarus Group deceives developers with 6 new malicious npm packages appeared first on CyberScoop.
Continue reading Lazarus Group deceives developers with 6 new malicious npm packages
More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.
The post Microsoft patches 57 vulnerabilities, including 6 zero-days appeared first on CyberScoop.
Continue reading Microsoft patches 57 vulnerabilities, including 6 zero-days
X’s wave of outages resembled a DDoS attack and Dark Storm Team, a prolific threat group specializing in such attacks, claimed responsibility.
The post X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it. appeared first on CyberScoop.
A pair of data breaches in late 2020 and early 2021 exposed driver’s license numbers of almost 200,000 people.
The post New York sues Allstate and subsidiaries for back-to-back data breaches appeared first on CyberScoop.
Continue reading New York sues Allstate and subsidiaries for back-to-back data breaches
The FBI is warning business leaders about the scam perpetrated by an unidentified threat group.
The post Ransomware poseurs are trying to extort businesses through physical letters appeared first on CyberScoop.
Continue reading Ransomware poseurs are trying to extort businesses through physical letters