Ionut Arghire

To boost user privacy, Apple is requiring app developers to declare a reason to use specific APIs.

CISA has shared analysis reports on three malware families obtained from an organization hacked via a recent Barracuda ESG vulnerability.

US and Australian government agencies provide guidance on addressing access control vulnerabilities in web applications.

The first attempts to exploit CVE-2023-24489, a recent critical Citrix ShareFile remote code execution vulnerability, have been observed.

Zimbra has released patches for a cross-site scripting (XSS) vulnerability that has been exploited in malicious attacks.

CoinsPaid says North Korean hacking group Lazarus is likely responsible for the recent theft of $37 million in cryptocurrency.

Threat intelligence services provider QuoIntelligence has raised €5 million ($5.5 million) in seed funding.

Internet-connected Peloton workout equipment is impacted by multiple security risks, such as having USB debugging enabled.

Canadian medical software provider CardioComm has taken systems offline to contain a cyberattack.

Maximus Inc says that the personal information of 8 to 11 million individuals was stolen in the MOVEit cyberattack.

Cyclops emerges from stealth mode with $6.4 million in seed funding and a generative AI-powered cybersecurity search platform.

Fortinet has published details on a series of critical- and high-severity vulnerabilities in the Microsoft Message Queuing service.

The Akira ransomware operators claim to have compromised 63 organizations since March 2023, mostly SMBs.

Over 900,000 devices are impacted by an arbitrary code execution vulnerability in MikroTik RouterOS.

Privacy management solutions provider OneTrust raises $150 million at a $4.5 billion valuation.

Amir Golshan, of Los Angeles, pleaded guilty to perpetrating multiple cybercrime schemes using SIM swapping.

Over 20,000 appliances are vulnerable to a new exploit technique targeting a recent Citrix ADC zero-day vulnerability CVE-2023-3519.

Atlassian patches high-severity remote code execution vulnerabilities in Confluence and Bamboo products.

Three vulnerabilities in Apache OpenMeetings could be exploited by attackers to take over an administrator account and execute arbitrary code remotely.

North Korean hackers are targeting employees at technology firms with repository invitations and malicious NPM packages.