Eduard Kovacs

A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs.

An actively exploited vulnerability in the Contec SolarView solar power monitoring product can expose hundreds of energy organizations to attacks.

Twenty-three cybersecurity-related merger and acquisition (M&A) deals were announced in June 2023.

CISA adds 6 Samsung mobile device flaws to its known exploited vulnerabilities catalog and they have likely been exploited by a spyware vendor.

LockBit ransomware group claims to have hacked TSMC and is asking for a $70 million ransom, but the chip giant says only a supplier...

Details have been disclosed for critical SAP vulnerabilities, including a wormable exploit chain, that can expose organizations to attacks.

The White House has released a memorandum outlining the cybersecurity investment priorities for government departments and agencies for fiscal year 2025.

More victims of the MOVEit hack have come to light, with a total of over 130 organizations and 15 million people believed to be...

Astrix Security raises $25 million in Series A funding for its solution designed to help enterprises secure non-human identities.

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

BeeKeeperAI has raised $12.1 million in Series A funding for a secure collaboration platform designed for AI development on healthcare and other sensitive data.

Identity verification solutions provider Socure has acquired automated ID verification firm Berbix for roughly $70 million in cash and stock.

Some services at Petro-Canada gas stations have been disrupted following a cyberattack on parent company Suncor, one of North America’s largest energy companies.

CISA has warned users of Zyxel NAS products that the recently patched critical vulnerability CVE-2023-27992 has been exploited in attacks.

The Cl0p ransomware gang has listed more than two dozen victims of the MOVEit zero-day attack on its leak website.

Attacks exploiting the Barracuda zero-day CVE-2023-2868 have been linked to a Chinese cyberespionage group that has targeted government and other organizations.

Fake security researcher accounts seen distributing malware disguised as Chrome, Signal, WhatsApp, Discord and Exchange zero-day exploits.

Detection-focused threat intelligence firm Silent Push, which maps out the entire internet every day, has launched with $10 million in seed funding.

ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.

The Russia-linked ICS malware named CosmicEnergy does not pose a direct threat to OT systems as it contains errors and lacks maturity.