

Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.


APT group Winter Vivern exploits Zimbra webmail flaw to target government entities
Winter Vivern's campaign shows that threat actors can effectively take advantage of medium-severity vulnerabilities.

North Korean threat actor APT43 pivots back to strategic cyberespionage
The APT43 group is highly adept at using social engineering to target individuals and extract sensitive information.

Researchers warn of two new variants of potent IcedID malware loader
The new IcedID variants are likely used for ransomware delivery, and researchers expect new variants to emerge.

Critical flaw in WooCommerce can be used to compromise WordPress websites
The vulnerability could allow unauthenticated administrative takeover of websites. WooCommerce has released an update.

Critical flaw in AI testing framework MLflow can lead to server and data compromise
The now-patched vulnerability in the popular MLflow platform could expose AI and machine-learning models stored in the cloud and allow for lateral movement.

Russian hacktivists deploy new AresLoader malware via decoy installers
The new malware loader can give attackers remote access and the ability to deliver other payloads.

55 zero-day flaws exploited last year show the importance of security risk management
Cybercriminals are now exploiting zero-day vulnerabilities for higher profits, which might require a reassessment of your risk.

Two Patch Tuesday flaws you should fix right now
Vulnerabilities affecting both Outlook for Windows and Microsoft SmartScreen were patched recently — both could have wide-ranging impact.

DNS data shows one in 10 organizations have malware traffic on their networks
Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure.

Stolen credentials increasingly empower the cybercrime underground
New research shows that criminal gangs are focusing more on acquiring stolen credentials to bypass security measures.

Attack campaign uses PHP-based infostealer to target Facebook business accounts
The threat actor uses the malware to target critical government infrastructure employees, manufacturing companies, and others.