Google releases OSV-SCALIBR, an open source library for software composition analysis and file system scanning.
The US Treasury has sanctioned two individuals and four entities involved in the North Korean fake IT worker scheme.
Three vulnerabilities in SimpleHelp could allow attackers to compromise the remote access software’s server and the client machine.
Authentication solutions provider Wultra has raised €3 million (~$3.1 million) for its post-quantum technology.
Cannabis retailer Stiiizy says hackers stole the personal information of 380,000 consumers from one of its vendors.
North Korea-linked Lazarus Group is targeting freelance software developers to compromise the supply chain.
A vulnerability in Google’s OAuth implementation allows takeover of old employee accounts when domain ownership changes.
Google has released Chrome 132 with fixes for 16 vulnerabilities, including multiple high-severity security defects.
Nvidia, Zoom, and Zyxel have released patches for multiple high-severity vulnerabilities across their products.
The US, Japan, and South Korea say North Korean hackers stole roughly $660 million in cryptocurrency last year.
Ivanti has released patches for multiple vulnerabilities in Endpoint Manager (EPM), including four critical-severity flaws.
SAP has released 14 security notes on January 2025 Patch Day, including two addressing critical vulnerabilities in NetWeaver.
A ransomware group tracked as Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C.
Attackers have been exploiting a second vulnerability in BeyondTrust’s remote management solutions, CISA warns.
Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments.
Infostealer malware allowed threat actors to compromise Telefonica employees’ credentials and access the company’s internal ticketing system.
A fake proof-of-concept (PoC) exploit for a recent LDAP vulnerability distributes information stealer malware.
Developed with the help of AI, the emerging FunkSec ransomware claimed over 80 victims in December 2024.
Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS and its third-party components.
The latest version of the Banshee macOS information stealer no longer checks if the infected systems have the Russian language installed.