The US federal prosecutors say that Chinese spies hacked dozen firms to steal aviation engineering secrets for the Chinese aerospace company.
Apple's ICMP packet-handling code contains a heap buffer overflow vulnerability (CVE-2018-4407).
Exploit can DoS any Mac, iOS device on a network by sending a crafted packet. The ping of death is back.
Microsoft is sharing Indian bank customers' data with U.S. intelligence agencies.
Looks like the banks were aware of it, when they have signed the Office 365 license agreements.
Google announced the launch of reCAPTCHA v3, which aims to improve user experience by removing the need for challenges. It uses the score based on the user on-site interactions.
The end-to-end encrypted instant messaging application Signal introduced a new "Sealed sender" privacy feature that is protecting the sender before traffic observation.
Multiple malicious python libraries found and removed from PyPI. Guys are typo-squatting popular repository names and deliver malware.
Great list of lessons learned over 20 years of red teaming by security expert Matt Devost.
Cisco Talos researchers found a code execution vulnerability in the anti-malware tool Sophos HitmanPro.Alert.
Researcher Jay Rosenberg documents clear connection between one of Lazarus Group's tools and an open source Chinese CasperPhpTrojan remote access trojan.
Apple releases specification of T2 security chip.
Researchers announced a fast attack breaking OCB2, an ISO-standard authenticated encryption scheme.
SfyLabs' researchers discovered a new Android banking Trojan named Red Alert 2.0, that is being offered for rent on many dark websites. It uses Twitter as a fall back mechanism for communication.
Windows cleanup utility CCleaner distributed by antivirus vendor Avast contained a multi-stage Floxif malware.
According to Slovak CSIRT, multiple Python packages in the PyPI Python repository was hit by typosquatting attack.
Medfusion 4000 Wireless Syringe Infusion Pumps used in acute critical care settings could be remotely controlled, patients killed.
Kaspersky researchers discovered a new attack technique leveraging an undocumented Microsoft Word feature that loads PHP scripts hosted on third-party web servers.
DigitalOcean warned that some pre-built and pre-configured application (One-Click) offered by the cloud platform are using default admin passwords.
A use after free error in Apache HTTP can leak pieces of arbitrary memory from the server. It's tracked as an CVE-2017-9798 "Optionsbleed" vulnerability.
Mr. SIP is a tool developed to audit and simulate SIP-based attacks.