Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

All four Rogers siblings challenge executor compensation, including to Larry Tanenbaum, in mother’s estate

Two of Loretta Rogers’s children have filed their objections in court; two others have served their challenges to her ...

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
The Caledonian-Record

ICE acting director Todd Lyons will resign at end of May, DHS says

U.S. Immigration and Customs Enforcement acting director Todd Lyons, a key executor of President Donald Trump’s mass deportations agenda, will resign at the end of May, federal officials announced ...

Fifth Third explores 'multiple options' for main office as bank begins branch expansion

From Frisco to Dallas, Fifth Third Bank is laying groundwork for a major regional presence following its Comerica deal.
SecurityWeek

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA has added eight more vulnerabilities to the KEV catalog, including Cisco, Kentico, and Zimbra flaws not previously ...
The Hacker News

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Updated LOTUSLITE targets India banking sector via CHM and DLL side-loading, expanding espionage campaign to South Korea and ...

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware.
The Caledonian-Record

US soldier allegedly bet on Maduro operation using intel

A US soldier faces charges for using classified information to bet on online prediction markets related to the US operation ...
Computer Weekly

April Patch Tuesday brings zero-days in Defender, SharePoint Server

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...
The Hacker News

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...