Lucian Constantin

CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO.

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

Winter Vivern's campaign shows that threat actors can effectively take advantage of medium-severity vulnerabilities.

North Korean threat actor APT43 pivots back to strategic cyberespionage

North Korean threat actor APT43 pivots back to strategic cyberespionage

The APT43 group is highly adept at using social engineering to target individuals and extract sensitive information.

Researchers warn of two new variants of potent IcedID malware loader

Researchers warn of two new variants of potent IcedID malware loader

The new IcedID variants are likely used for ransomware delivery, and researchers expect new variants to emerge.

Critical flaw in WooCommerce can be used to compromise WordPress websites

Critical flaw in WooCommerce can be used to compromise WordPress websites

The vulnerability could allow unauthenticated administrative takeover of websites. WooCommerce has released an update.

Critical flaw in AI testing framework MLflow can lead to server and data compromise

Critical flaw in AI testing framework MLflow can lead to server and data compromise

The now-patched vulnerability in the popular MLflow platform could expose AI and machine-learning models stored in the cloud and allow for lateral movement.

Russian hacktivists deploy new AresLoader malware via decoy installers

Russian hacktivists deploy new AresLoader malware via decoy installers

The new malware loader can give attackers remote access and the ability to deliver other payloads.

55 zero-day flaws exploited last year show the importance of security risk management

55 zero-day flaws exploited last year show the importance of security risk management

Cybercriminals are now exploiting zero-day vulnerabilities for higher profits, which might require a reassessment of your risk.

Two Patch Tuesday flaws you should fix right now

Two Patch Tuesday flaws you should fix right now

Vulnerabilities affecting both Outlook for Windows and Microsoft SmartScreen were patched recently — both could have wide-ranging impact.

DNS data shows one in 10 organizations have malware traffic on their networks

DNS data shows one in 10 organizations have malware traffic on their networks

Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure.

Stolen credentials increasingly empower the cybercrime underground

Stolen credentials increasingly empower the cybercrime underground

New research shows that criminal gangs are focusing more on acquiring stolen credentials to bypass security measures.

Attack campaign uses PHP-based infostealer to target Facebook business accounts

Attack campaign uses PHP-based infostealer to target Facebook business accounts

The threat actor uses the malware to target critical government infrastructure employees, manufacturing companies, and others.

Load More