Ionut Arghire

Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE).

CISA has updated its National Cyber Incident Response Plan in line with the changing threat landscape and is now seeking public comment.

EPA and CISA urge organizations in the water and wastewater systems sector to harden remote access to internet-exposed human-machine interfaces (HMIs).

FBI says HiatusRAT’s operators were seen scanning for web cameras and DVR systems affected by years-old vulnerabilities.

Texas Tech University says the personal, health, and financial information of 1.4 million was stolen from its health sciences centers.

Citrix issues warning on password spraying attacks targeting NetScaler and NetScaler Gateway appliances deployed by organizations worldwide.

Undocumented vulnerabilities in DrayTek devices were exploited in ransomware campaigns that compromised over 300 organizations.

SRP Federal Credit Union says the personal information of 240,000 was stolen in a recent cyberattack claimed by a ransomware gang.

ConnectOnCall has disclosed a data breach impacting the personal information of more than 900,000 individuals.

Researchers warn about critical vulnerabilities in Ruijie Networks’ Reyee cloud management platform and Reyee OS network devices.

Byte Federal says the personal information of 58,000 was compromised after a GitLab flaw allowed attackers to access a server.

The US announced the takedown of Rydox, a marketplace for stolen personal information, and the arrest of three administrators.

Germany’s cybersecurity agency BSI has sinkholed a botnet of 30,000 devices shipped with BadBox malware pre-installed.

Threat intel startup Silent Push has raised $10 million in a funding round co-led by Ten Eleven Ventures and Stepstone Group LP.

Lookout details EagleMsgSpy, a surveillance tool used by Chinese law enforcement to collect data from Android devices.

Law enforcement agencies in 15 countries cooperated in taking down 27 websites selling DDoS-for-hire services.

Two vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins allow attackers to backdoor websites.

Academic researchers devise BadRAM, a new attack that uses $10 equipment to break AMD’s latest trusted execution environment protections.

Google pushes out major Chrome browser updates to fix multiple serious security defects.

Atlassian and Splunk on Tuesday announced patches for over two dozen vulnerabilities, including high-severity flaws.