- Malware and Breaches
- Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks [Elizabeth Montalbano, Threatpost]
- This sneaky new Go malware is causing havoc everywhere it goes [Sead Fadilpašić, TechRadar]
- Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity [Waqas, HackRead]
- Massive hacking campaign compromised thousands of WordPress websites [Pierluigi Paganini, Security Affairs]
- Vulnerabilities and Patches
- Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates [Ravie Lakshmanan, The Hacker News]
- Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability [Ravie Lakshmanan, The Hacker News]
- HP fixes bug letting attackers overwrite firmware in over 200 models [Bill Toulas, BleepingComputer]
- Microsoft: May Windows updates cause AD authentication failures [Sergiu Gatlan, BleepingComputer]
- Zyxel silently patches command injection vulnerability with 9.8 severity rating [Dan Goodin, Ars Technica]
- Other
- Password stealer now spreading from a GitHub link that uses NFT content as bait [Jonathan Greig, The Record]
- Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service [Pierluigi Paganini, Security Affairs]
- Anatomy of a campaign to inject JavaScript into compromised WordPress sites [Jeff Burt, The Register]
- Backdoor in public repository used new form of attack to target big firms [Dan Goodin, Ars Technica]
C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F
![[TI: logo for TI accredited teams]](../assets/img/TI-Accredited_120x120.jpg)
![[FIRST.org Logo]](../assets/img/first-org-simple.png)