Lucian Constantin
CSO Senior Writer
Lucian Constantin writes about information security, privacy, and data protection for CSO.
Azure API Management flaws highlight server-side request forgery risks in API development
New SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism.
Attacks increasingly use malicious HTML email attachments
New research shows that up to a half of all HTML email attachments are malicious, and not just because of a few massive campaigns.
Cybercrime group FIN7 targets Veeam backup servers
At least two Veeam instances have been compromised, possibly using a vulnerability patched in March.
Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers
Attacks using the BellaCiao malware dropper seem to be customized for specific targets.
New DDoS amplification vector could enable massive attacks
A vulnerability in the Service Location Protocol on internet-connected devices could create a DDoS amplification factor of up to 2200X.
Thousands of misconfigured container and artifact registries expose sensitive credentials
Shadow IT or careless configuration of container and artifact registries could give attackers access to sensitive data and inject malicious code.
Cisco patches high and critical flaws across several products
Left unmitigated, the vulnerabilities could lead to unauthorized remote access, denial of service attacks, or privilege escalation.
3CX hack highlights risk of cascading software supply-chain compromises
The attack that injected malicious code into the company's software appears to have been enabled by another compromised application.
Russian cyber spy group APT28 backdoors Cisco routers via SNMP
The spy agency has been exploiting an old vulnerability that allows bad actors to gain access through simple network management protocol credentials.
Hard-to-detect malware loader distributed via AI-generated YouTube videos
The new malware loads the Aurora infostealer and can avoid being executed in virtual machines or sandboxes for analysis.
Russian cyberspies hit NATO and EU organizations with new malware toolset
The APT29 espionage campaign is ongoing and the Polish military is urging potential targets to mitigate the risk.
Why you should patch the Windows QueueJumper vulnerability immediately
A critical flaw in Microsoft Message Queuing Service is likely to be exploited as many organizations could be unaware that it is active.
Google launches dependency API and curated package repository with security metadata
With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.
Iranian APT group launches destructive attacks in hybrid Azure AD environments
The threat group MERCURY has the ability to move from on-premises to cloud Microsoft Azure environments.
CISA warns of critical flaws in ICS and SCADA software from multiple vendors
Some of the vulnerabilities could allow attackers to access systems with ease. Patches are not available for all the flaws.
Default static key in ThingsBoard IoT platform can give attackers admin access
Admins unable to update to the patched ThingsBoard version can manually change the default signing key.
Hackers steal crypto assets by defeating 2FA with rogue browser extension
The Rilide malware tricks victims into revealing their second-factor authentication to withdraw cryptocurrency in the background.
New Rorschach ransomware hits with unique features and very fast encryption
Researchers say the recently discovered strain raises the bar by automating some intrusion processes and moving very quickly compared to other attacks.
Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem
Spyware vendors use a combination of zero-day exploits and known vulnerabilities. Google TAG researchers urge faster patching of mobile devices