- Security News:
- China’s APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload [Jai Vijayan, Dark Reading]
- Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft [Ionut Arghire, SecurityWeek]
- The Zoom installer let a researcher hack his way to root access on macOS [The Verge, Corin Faife]
- Over 9,000 VNC servers exposed online without a password [Bill Toulas, Bleeping Computer]
- Phishing:
- PayPal Phishing Scam Uses Invoices Sent Via PayPal [Brian Krebs, KrebsOnSecurity]
- Breaches & Leaks:
- New MailChimp breach exposed DigitalOcean customer email addresses [Lawrence Abrams, Bleeping Computer]
- UK water company confirms cyberattack after confusion over ransomware group threats [Jonathan Greig, The Record]
- 1,900 Signal users’ phone numbers exposed by Twilio phishing [Kevin Purdy, Ars Technica]
- The Zoom installer let a researcher hack his way to root access on macOS [Hanno Labuschagne, MyBroadband]
- Vulnerabilities & Patches:
- Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild [Pierluigi Paganini, Security Affairs]
- New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild [Ravie Lakshmanan, The Hacker News]
- Others:
- Playing Janet Jackson music video crashed hard drives in nearby computers [Rual de Vries, MyBroadband]
C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F