Ionut Arghire

Researchers call attention to 14 security defects that can be exploited to drop and freeze 5G connections on smartphones and routers.

Compromised data includes names, dates of birth, Social Security numbers, health and insurance information, and driver’s license numbers.

North Korean hackers have used Dlang-based malware in attacks against manufacturing, agriculture, and physical security organizations.

Apache has addressed a critical-severity Struts 2 file upload vulnerability that could lead to remote code execution.

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.

WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code.

Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries.

A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes.

Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps.

Nissan Oceania says it has been working on restoring its systems after falling victim to a cyberattack.

Pool Party is a new set of eight Windows process injection techniques that evade endpoint detection and response solutions.

Atlassian has released patches for critical-severity remote code execution flaws in Confluence and other products.

The Shadowserver Foundation warns of an increase in the number of devices hacked via recent Cisco IOS XE vulnerabilities.

Chrome 120 was released in the stable channel with patches for 10 vulnerabilities, including five externally reported flaws.

A new GAO report reveals that 20 out of 23 US federal agencies have not fully implemented incident response plans.

CISA has added to its Known Exploited Vulnerabilities Catalog four Qualcomm bugs, including three exploited as zero-days.

ArmorCode raises $40 million in a Series B funding round to help organizations ship secure applications.

Lasso warns of more than 1,600 leaked Hugging Face API tokens belonging to hundreds of organizations.

BlackBerry attributes cyberattack against an aerospace organization in the US to a new threat actor named AeroBlade.

Android’s December 2023 security updates resolve 94 vulnerabilities, including several critical-severity bugs.