Microsoft's February Update Fixes 6 Actively Exploited Zero Days, Update ASAP

Microsoft is patching nearly 60 CVEs in its February update for Windows 11, and six of them are zero day vulnerabilities.
The Hacker News

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws ...

Microsoft Weekly: Windows 11's taskbar is upgrading, better Task Manager alternatives, more

Catch up with this week's Microsoft stories in our weekly recap, including long-anticipated taskbar fixes in Windows 11, ...

Wave of Citrix NetScaler scans use thousands of residential proxies

A coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure over the past week used tens of thousands of ...
Dark Reading

Warlock Gang Breaches SmarterTools Via SmarterMail Bugs

The ransomware group breached SmarterTools through a vulnerability in the company's own SmarterMail product. SmarterTools recently disclosed a breach that occurred as a result of vulnerabilities the ...

SmarterTools network breached using auth-bypass attack against single unpatched virtual machine

Just one neglected server was enough to suffer a ransomware infection but this time, the damage was minimal.

Critical React Native Metro dev server bug under attack as researchers scream into the void

Too slow react-ion time Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware ...
SDxCentral

Containers increasing the attack surface, developers caution

Human error was identified as the leading cause of container security issues, cited by 62% of respondents. Developers also ...
InfoQ

BellSoft Survey Finds Container Security Practices Are Undermining Developers’ Own Goals

Container security incidents are becoming a routine reality for software teams, and the tools meant to protect them may be making the problem worse.
Opinion

Someone's attacking SolarWinds WHD to steal high‑privilege credentials - but we don't know who or how

So many CVEs, so little time Digital intruders exploited buggy SolarWinds Web Help Desk (WHD) instances in December to break into victims' IT environments, move laterally, and steal high-privilege ...

Microsoft Warns Of Secure Boot Certificate Expiry Impacting PCs This Year

Microsoft reminds everyone that the initial wave of Secure Boot certificates, dropped in 2011, are due to expire.
The Hacker News

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

Cisco Talos links UAT-9921 to VoidLink, a modular Zig-based malware targeting Linux cloud systems with stealth plugins and C2 control.