The onslaught was delivered through HTTPS, which puts more strain on a target, and it suggests that attackers are getting more powerful.
Ars Technica
WatchGuard Didn’t Explicitly Disclose a Flaw Exploited by Hackers
The security vendor kept a critical vulnerability in its firewall appliances quiet even as it was under attack from a Russian hacking group.
A Sinister Way to Beat Multifactor Authentication Is on the Rise
Lapsus$ and the group behind the SolarWinds hack have utilized prompt bombing to defeat weaker MFA protections in recent months.
A Developer Altered Open Source Software to Wipe Files in Russia
The author of a popular application pushed out an update containing malicious code in an effort to sabotage computers in the country.
Hackers Find a New Way to Deliver Devastating DDoS Attacks
Cybercriminals are exploiting a fleet of more than 100,000 misconfigured servers to knock websites offline.
Millions of WordPress Sites Got a Forced Update for a Serious Bug
The mandatory patch addressed a critical vulnerability in a widely used plugin that allowed untrusted visitors to download a website’s backups.
US Agencies Say Russian Hackers Compromised Defense Contractors
Kremlin-backed cyber actors lurked in the networks for months, obtaining sensitive documents related to weapons and infrastructure development.
Hackers Rigged Hundreds of Ecommerce Sites to Steal Payment Info
The attackers exploited a known vulnerability and installed credit card skimmers on more than 500 websites.
An Insidious Mac Malware Is Growing More Sophisticated
When UpdateAgent emerged in late 2020, it utilized basic infiltration techniques. Its developers have since expanded it in dangerous ways.
A Bug in iOS 15 Is Leaking User Browsing Activity in Real Time
Apple has known about the vulnerability, which also affects iPadOS 15 and Safari 15, since late November.