Ionut Arghire

Cisco Patches Critical Vulnerability in Enterprise Collaboration Products

A critical flaw in Cisco Unified Communications and Contact Center Solutions products could lead to remote code execution.

January 25, 2024

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

Over 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability.

January 25, 2024

Firefox 122 Patches 15 Vulnerabilities

Updates released for Firefox and Thunderbird resolve 15 vulnerabilities, including five high-severity bugs.

January 25, 2024

Orca Flags Dangerous Google Kubernetes Engine Misconfiguration

Attackers could take over a Kubernetes cluster if access privileges are granted to all authenticated users in Google Kubernetes Engine.

January 24, 2024

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

PoC code exploiting a critical Fortra GoAnywhere MFT vulnerability gets published one day after public disclosure.

January 24, 2024

340,000 Jason’s Deli Customers Potentially Impacted by Credential Stuffing Attack

Jason’s Deli says hackers targeted users in credential stuffing attacks, likely compromising their personal information.

January 24, 2024

Chrome 121 Patches 17 Vulnerabilities

Google releases Chrome 121 to the stable channel with 17 security fixes, including 11 reported by external researchers.

January 24, 2024

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets

Hackers could exploit Lamassu Douro ATM vulnerabilities to take over devices, steal bitcoin from users.

January 23, 2024

AI Testing Startup RagaAI Emerges From Stealth With $4.7M in Seed Funding

AI testing platform RagaAI raises $4.7 million in seed funding to help identify AI issues and improve security and reliability.

January 23, 2024

High-Severity Vulnerability Patched in Splunk Enterprise

The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version.

January 23, 2024

Aviation Leasing Giant AerCap Hit by Ransomware Attack

AerCap, the largest aviation leasing company in the world, was hit by a ransomware attack on January 17th.

January 23, 2024

SEC Says X Account Hacked via SIM Swapping

SEC says hackers used SIM swapping to take over its X (formerly Twitter) account on January 9.

January 23, 2024

Owner of Cybercrime Website BreachForums Sentenced to Supervised Release

Conor Brian Fitzpatrick, the owner of the cybercrime website BreachForums, was sentenced to time served and supervised release.

January 22, 2024

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half.

January 22, 2024

Critical Vulnerabilities Found in Open Source AI/ML Platforms

Security researchers flag multiple severe vulnerabilities in open source AI/ML solutions MLflow, ClearML, Hugging Face.

January 19, 2024

VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million

Apparel and footwear brands owner VF Corp shares more details on the impact of a December 2023 ransomware attack.

January 19, 2024

US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

CISA, FBI and EPA document aims to help water and wastewater organizations improve their cyber resilience and incident response.

January 19, 2024

Software Supply Chain Security Startup Kusari Raises $8 Million

Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain.

January 18, 2024

Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions

Organizations can earn up to $3 million in federal funding for cyber tools securing the clean energy infrastructure.

January 18, 2024

List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old

Naz.API credential stuffing list containing 70 million unique email addresses and old passwords found on hacking forum.

January 18, 2024

SECURITYWEEK NETWORK:

ICS:

Ionut Arghire

Cisco Patches Critical Vulnerability in Enterprise Collaboration Products

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

Firefox 122 Patches 15 Vulnerabilities

Orca Flags Dangerous Google Kubernetes Engine Misconfiguration

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

340,000 Jason’s Deli Customers Potentially Impacted by Credential Stuffing Attack

Chrome 121 Patches 17 Vulnerabilities

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets

AI Testing Startup RagaAI Emerges From Stealth With $4.7M in Seed Funding

High-Severity Vulnerability Patched in Splunk Enterprise

Aviation Leasing Giant AerCap Hit by Ransomware Attack

SEC Says X Account Hacked via SIM Swapping

Owner of Cybercrime Website BreachForums Sentenced to Supervised Release

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

Critical Vulnerabilities Found in Open Source AI/ML Platforms

VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million

US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

Software Supply Chain Security Startup Kusari Raises $8 Million

Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions

List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old

Featured

Vulnerabilities

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Funding/M&A

Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push

Data Breaches

Kodak Admits Data Breach After ShinyHunters Hack Claims

Vulnerabilities

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Vulnerabilities

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Hacker Conversations

Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker

Artificial Intelligence

AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask

Latest News

Malware & Threats

FortiBleed: 86,000 Fortinet Device Credentials Compromised

Supply Chain Security

Cybersecurity Firms Impacted by Klue Supply Chain Attack

Funding/M&A

Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC

Malware & Threats

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown

Vulnerabilities

Majority of Internet-Accessible REDCap Servers Outdated

Funding/M&A

Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push

Vulnerabilities

No Exploits Required

Daily Briefing Newsletter