Eduard Kovacs

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.

The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security. 

Qakbot cybercriminals continue to push malware, which shows they are still operational after the recent takedown attempt.

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

International mobile network operator Lyca Mobile says a cyberattack has significantly disrupted its services in many countries.

Mozilla issues warning over fake Thunderbird downloads after a ransomware group was caught using this technique to deliver malware.

Qualcomm has patched more than two dozen vulnerabilities, including three zero-days that may have been exploited by spyware vendors.

ShellTorch attack chains critical TorchServe vulnerabilities and could completely compromise the AI infrastructure of major companies.

Twenty-eight cybersecurity-related merger and acquisition (M&A) deals were announced in September 2023.

Companies have addressed the impact of the exploited Libwebp vulnerability CVE-2023-4863 on their products. 

The number of internet-exposed ICS has dropped below 100,000, a significant decrease from the 140,000 in 2019.

Patches are being developed for serious Exim vulnerabilities that could expose many mail servers to attacks. 

In-the-wild exploitation of a critical vulnerability in the TeamCity CI/CD server started shortly after a patch was released by developers.

CISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw to its known exploited vulnerabilities catalog.

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.

Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.

Verisoul, a company that has developed a SaaS platform for detecting and blocking fake users, has raised $3.25 million in seed funding. 

Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown. 

Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor.