Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions of iOS with spyware, according to cybersecurity researchers.

New intelligence suggests a pro-Iranian actor is responsible for the L.A. Metro cyberattack. 

Critical ColdFusion vulnerabilities are the most at risk of being exploited in attacks, according to the software giant.

The post Adobe Patches 55 Vulnerabilities Across 11 Products appeared first on SecurityWeek.

Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]

Experts say this is the second-largest Microsoft Patch Tuesday ever based on CVE count.

The post Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities appeared first on SecurityWeek.

A new commodity phishing kit called “Venom Stealer” allows threat actors to automate ClickFix attacks, according to researchers at BlackFog. ClickFix is a social engineering technique that tricks users into executing malicious commands on their computer, usually resulting in malware installation.