Ionut Arghire

CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks

Attackers have been exploiting a second vulnerability in BeyondTrust’s remote management solutions, CISA warns.

January 14, 2025

Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments

Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments.

January 14, 2025

Infostealer Infections Lead to Telefonica Ticketing System Breach

Infostealer malware allowed threat actors to compromise Telefonica employees’ credentials and access the company’s internal ticketing system.

January 14, 2025

Infostealer Masquerades as PoC Code Targeting Recent LDAP Vulnerability

A fake proof-of-concept (PoC) exploit for a recent LDAP vulnerability distributes information stealer malware.

January 13, 2025

Emerging FunkSec Ransomware Developed Using AI

Developed with the help of AI, the emerging FunkSec ransomware claimed over 80 victims in December 2024.

January 13, 2025

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS

Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS and its third-party components.

January 13, 2025

Banshee macOS Malware Expands Targeting

The latest version of the Banshee macOS information stealer no longer checks if the infected systems have the Russian language installed.

January 10, 2025

Major Addiction Treatment Firm BayMark Confirms Ransomware Attack Caused Data Breach

Substance abuse treatment provider BayMark Health Services says patient personal information was compromised in a data breach.

January 10, 2025

PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts

Fortinet warns of a phishing campaign that uses legitimate links to take over the victims’ PayPal accounts.

January 10, 2025

GFI KerioControl Firewall Vulnerability Exploited in the Wild

Threat actors are exploiting a recent GFI KerioControl firewall vulnerability that leads to remote code execution.

January 9, 2025

SonicWall Patches Authentication Bypass Vulnerabilities in Firewalls

SonicWall has released patches for multiple vulnerabilities in SonicOS, including high-severity authentication bypass flaws.

January 9, 2025

Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool

Palo Alto Networks has released patches for multiple vulnerabilities in the Expedition migration tool, which was retired on December 31, 2024.

January 9, 2025

Excelsior Orthopaedics Data Breach Impacts 357,000 People

Excelsior Orthopaedics says the information of roughly 357,000 patients and employees was stolen in a June 2024 data breach.

January 9, 2025

Cybersecurity Funding Reached $9.5 Billion in 2024: Report

Cybersecurity firms raised $9.5 billion in over 300 funding rounds in 2024, with Wiz scoring the largest investment at $1 billion.

January 8, 2025

CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks

CISA says two recently disclosed path traversal vulnerabilities in the Mitel MiCollab collaboration platform have been exploited in attacks.

January 8, 2025

Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities

Chrome and Firefox updates released this week resolve high-severity vulnerabilities in the two popular browsers.

January 8, 2025

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities

This year’s first batch of monthly security updates for Android resolves 36 vulnerabilities, including critical remote code execution flaws.

January 8, 2025

Dell, HPE, MediaTek Patch Vulnerabilities in Their Products

MediaTek, HPE and Dell release advisories to inform customers about potentially serious vulnerabilities found and patched in their products.

January 7, 2025

Washington Attorney General Sues T-Mobile Over 2021 Data Breach

Washington State Attorney General Bob Ferguson has filed a lawsuit against T-Mobile over a 2021 data breach that impacted over 76 million consumers.

January 7, 2025

CISA: No Federal Agency Beyond Treasury Impacted by BeyondTrust Incident

CISA says no federal agencies other than Treasury were impacted by the recent compromise of a BeyondTrust cloud-based service.

January 7, 2025

SECURITYWEEK NETWORK:

ICS:

Ionut Arghire

CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks

Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments

Infostealer Infections Lead to Telefonica Ticketing System Breach

Infostealer Masquerades as PoC Code Targeting Recent LDAP Vulnerability

Emerging FunkSec Ransomware Developed Using AI

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS

Banshee macOS Malware Expands Targeting

Major Addiction Treatment Firm BayMark Confirms Ransomware Attack Caused Data Breach

PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts

GFI KerioControl Firewall Vulnerability Exploited in the Wild

SonicWall Patches Authentication Bypass Vulnerabilities in Firewalls

Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool

Excelsior Orthopaedics Data Breach Impacts 357,000 People

Cybersecurity Funding Reached $9.5 Billion in 2024: Report

CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks

Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities

Dell, HPE, MediaTek Patch Vulnerabilities in Their Products

Washington Attorney General Sues T-Mobile Over 2021 Data Breach

CISA: No Federal Agency Beyond Treasury Impacted by BeyondTrust Incident

Featured

Cybercrime

Canadian Airline WestJet Hit by Cyberattack

Government

Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday

Vulnerabilities

Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking

Artificial Intelligence

The AI Arms Race: Deepfake Generation vs. Detection

IoT Security

New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches

Cybercrime

Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified

Artificial Intelligence

Cyera Raises $540 Million to Expand AI-Powered Data Security Platform

Latest News

Cloud Security

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report

Tracking & Law Enforcement

Archetyp Dark Web Market Shut Down by Law Enforcement

Data Breaches

Asheville Eye Associates Says 147,000 Impacted by Data Breach

Data Breaches

Zoomcar Says Hackers Accessed Data of 8.4 Million Users

Data Breaches

240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco

Ransomware

Anubis Ransomware Packs a Wiper to Permanently Delete Files

Artificial Intelligence

Red Teaming AI: The Build Vs Buy Debate

Daily Briefing Newsletter