The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882 (CVSS score: 7.0) to the Known Exploited Vulnerabilities Catalog, necessitating that Federal

Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9. Cloud security firm

Microsoft on Friday shared more of the tactics, techniques, and procedures (TTPs) adopted by the Russia-based Gamaredon hacking group to facilitate a barrage of cyber espionage attacks aimed at several entities in Ukraine over the past six months. The attacks are said to have singled out government, military, non-government organizations (NGO), judiciary, law enforcement, and non-profit

A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed sources, noting that "the two rival businesses gained the same ability last year to remotely break into

A number of India-based call centers and their directors have been indicted for their alleged role in placing tens of millions of scam calls aimed at defrauding thousands of American consumers. The indictment charged Manu Chawla, Sushil Sachdeva, Nitin Kumar Wadwani, Swarndeep Singh, Dinesh Manohar Sachdev, Gaje Singh Rathore, Sanket Modi, Rajiv Solanki and their respective call centers for