Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software.

D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices.

The first flaw, tracked as CVE-2024-0012, is an authentication bypass found in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without requiring authentication or user interaction.

?Broadcom has warned that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. The RCE vulnerability was reported during China's 2024 Matrix Cup hacking contest.

Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO.

'Innocent looking PR' caught injecting backdoor On Tuesday, Alex Cheema, co-founder of EXO Labs warned everyone of an "innocent looking" code change submitted to EXO's GitHub repository.

Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices.

Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. Most images on the web are JPG or PNG files, which are made of grids of tiny squares called pixels.

A threat group known as SilkSpecter, speculated to be from China, is using thousands of fake online stores to steal credit card information from shoppers in the U.S. and Europe.

The new malware named Glove Stealer can get around Google Chrome's App-Bound encryption to steal browser cookies. Security researchers found this malware during a phishing campaign and noted that it is still in the early stages of development.