SecurityWeek

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog

The cybersecurity of business is not the function of CISA. CISA’s remit is to raise the security of FECB agencies, and KEV is ...
The Hacker News

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery ...

Microsoft says hackers are exploiting critical zero-day bugs to target Windows and Office users

Critical security flaws targeting Windows and Office users allow hackers to take complete control of a victim's computer by ...

DOJ says Trenchant boss sold exploits to Russian broker capable of accessing ‘millions of computers and devices’

The former boss of the L3Harris-owned hacking and surveillance tools maker Trenchant faces nine years in prison for selling several exploits to a Russian broker, which counts the Russian government ...
The Hacker News

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Worm-driven TeamPCP campaign exploits Docker, Kubernetes, Redis, Ray, and React2Shell to build proxy infrastructure for data theft and ransomware.
MIT Technology Review

AI is already making online crimes easier. It could get much worse.

Some cybersecurity researchers say it’s too early to worry about AI-orchestrated cyberattacks. Others say it could already be ...

Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack

Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline.