The Register reports that the U.S. has sentenced Glib Oleksandr Ivanov-Tolpintsev to four years imprisonment for his involvement in the sale of stolen credentials across over 6,700 compromised servers.
Three security vulnerabilities impacting SonicWall's Secure Mobile Access 1,000 appliances, one of which is a high-severity authentication bypass flaw, have been detailed as part of a warning from SonicWall, reports The Hacker News.
SecurityWeek reports that malicious actors could exploit a medium-severity vulnerability in Siemens Desigo PXC4.E16 programmable building automation controllers that could make the device unavailable for days.
Fraudulent Binance non-fungible token mystery box bots are being promoted on YouTube as part of a new campaign aimed at distributing the RedLine malware, BleepingComputer reports.
Threat actors have created a fake version of the Pixelmon non-fungible token website under pixelmon[.]pw, which then spreads that Vidar malware with cryptocurrency wallet-exfiltrating capabilities, according to BleepingComputer.
Iranian advanced persistent threat group OilRig, also known as Cobalt Gypsy, Helix Kitten, and APT34, has attacked a Jordanian diplomat with a malicious Excel document deploying the new Saitama backdoor, reports SecurityWeek.