A new strain of infostealer targeting Macs, known as MetaStealer, is hitting enterprises.
Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch break down a busy news week, including Microsoft's revelations about the theft of its signing key, the Trickbot group sanctions, and some new Apple iOS zero days.
Apple has rolled out iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2 to address the security flaws.
Fixes for both the Zoho and Fortinet vulnerabilities have been available since last year.
The Department of the Treasury and the U.K. government have sanctioned 11 alleged members of the Trickbot group and say the group is allied with Russian intelligence.
Microsoft answered lingering questions about how China-based threat actors acquired a Microsoft account consumer signing key, leading to the previously disclosed hack of several Outlook accounts.
A threat group, active for six years, has created an underground marketplace where it sells at least 16 custom tools and an advanced phishing kit to a clientele of at least 500 threat actors.
Attackers are continuing to adjust their tactics in their attacks against Citrix devices vulnerable to the CVE-2023-3519 flaw.
The Xen Project has released an update to address a bug (CVE-2023-34321) that can allow a guest to read sensitive data from another's guest's memory.
Exploit code has been published for a critical-severity flaw in VMware's network monitoring tool, the company said on Thursday.
Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch discuss the FBI's disruption of the Qakbot malware operation and what it might mean for the larger malware ecosystem.
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
Splunk has released updates to fix an odd bug that allows an attacker to inject special codes into log files, potentially leading to remote code execution.
Researchers recently examined more than 400 malware families and found that 25 percent of them abused legitimate internet services as part of their attack infrastructure.
The newly discovered threat group compromises companies and then moves laterally on the network, exfiltrating data, logging keystrokes and more along the way.