HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload
A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL servers with a malicious payload of just 11 bytes.
Ernst & Young discloses data breach after support system hack
Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel.
Inside the Search for "Clean" Residential Proxies for Carding
Residential proxies are no longer the silver bullet they once were for carding. Flare explains why cybercriminals increasingly seek
New Windows LegacyHive zero-day gives hackers admin privileges
A security researcher using the
Windows Server 2022 reach end of mainstream support in 90 days
Microsoft announced that Windows Server 2022 will reach the mainstream end date in October 2026, but will switch to extended support and continue receiving security updates for five more years.
US charges two over laundering $43 million from investment fraud
U.S. prosecutors on Thursday charged a New York man and woman for their roles in a large-scale crime ring that laundered money stolen in cyber investment fraud scams.
CISA urges immediate action on actively exploited Fortinet flaws
CISA on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform.
New ClickLock macOS malware traps users into revealing login password
A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password.
Coca-Cola says Fairlife ransomware attack halts US dairy production
The Coca-Cola Company disclosed today that a ransomware attack impacting its Fairlife dairy subsidiary has disrupted operations, temporarily suspending production of Fairlife products across the United States.
Claude Chrome extension flaw lets malicious extensions trigger AI actions
A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude's access to connected services such as Gmail, Go...
15 loaded