Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a ...

All four Rogers siblings challenge executor compensation, including to Larry Tanenbaum, in mother’s estate

Two of Loretta Rogers’s children have filed their objections in court; two others have served their challenges to her ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
SecurityWeek

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA has added eight more vulnerabilities to the KEV catalog, including Cisco, Kentico, and Zimbra flaws not previously ...
The Caledonian-Record

ICE acting director Todd Lyons will resign at end of May, DHS says

U.S. Immigration and Customs Enforcement acting director Todd Lyons, a key executor of President Donald Trump’s mass deportations agenda, will resign at the end of May, federal officials announced ...

Fifth Third explores 'multiple options' for main office as bank begins branch expansion

From Frisco to Dallas, Fifth Third Bank is laying groundwork for a major regional presence following its Comerica deal.
The Hacker News

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Updated LOTUSLITE targets India banking sector via CHM and DLL side-loading, expanding espionage campaign to South Korea and ...

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware.
Computer Weekly

April Patch Tuesday brings zero-days in Defender, SharePoint Server

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...
The Caledonian-Record

US soldier allegedly bet on Maduro operation using intel

A US soldier faces charges for using classified information to bet on online prediction markets related to the US operation ...