LIVE EVENT, MONDAY JULY 11: Join Threatpost and Intel Security’s Tom Garrison in a live conversation about innovation enabling stakeholders to stay ahead of a dynamic threat landscape and what Intel learned from their latest study in partnership with Ponemon Institue.

https://threatpost.com/webinars/secure-systems-start-with-hardware/

Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.

https://threatpost.com/lead-causes-of-q1-attacks/180096/

Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.

https://threatpost.com/mitel-voip-bug-exploited/180079/

CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.

https://threatpost.com/log4shell-targeted-vmware-data/180072/

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

https://threatpost.com/fancy-bear-nuke-threat-lure/180056/

Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices.

https://threatpost.com/discovery-of-56-ot-device-flaws-blamed-on-lackluster-security-culture/180035/

Evidence suggests that a just-discovered APT has been active since 2013.

https://threatpost.com/apt-flew-under-radar-decade/179995/

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

https://threatpost.com/follina-exploited-by-state-sponsored-hackers/179890/

The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.

https://threatpost.com/public-exploits-atlassian-confluence-flaw/179887/

Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.

https://threatpost.com/scammers-target-nft-discord-channel/179827/

Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.

https://threatpost.com/microsoft-workaround-0day-attack/179776/

The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.

https://threatpost.com/chromeloader-hijacker-threats/179761/

Malware loads itself from remote servers and bypasses Microsoft’s Defender AV scanner, according to reports.

https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/

Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.

https://threatpost.com/critical-flaws-in-popular-ics-platform-can-trigger-rce/179750/

The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.

https://threatpost.com/zoom-patches-zero-click-rce-bug/179727/

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

https://threatpost.com/verizon-dbir-report-2022/179725/

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

https://threatpost.com/vmware-bugs-abused-mirai-log4shell/179652/

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.

https://threatpost.com/sysrv-k-botnet-targets-windows-linux/179646/

Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.

https://threatpost.com/iphones-attack-turned-off/179641/