Latest News

CISA has added two more Palo Alto Networks Expedition flaws, CVE-2024-9463 and CVE-2024-9465, to its KEV catalog.

Over 4 million WordPress websites were impacted by a critical Really Simple Security plugin vulnerability providing full administrative access.

Palo Alto Networks has confirmed that a zero-day is being exploited in attacks after investigating claims of a firewall remote code execution flaw.

The Chinese APT behind the LightSpy iOS backdoor has expanded its toolset with DeepData, a modular Windows-based surveillance framework.

Iran-linked Charming Kitten hackers have been running a ‘dream job’ campaign targeting the aerospace industry with the SnailResin malware.

Cyber risk management solutions provider Bitsight is acquiring threat intelligence firm Cybersixgill for $115 million.

Security researcher investigated Microsoft Power Pages installations and found several with misconfigurations allowing unintentional access to confidential data.

Two Nigerian nationals, one in Mexico and one in North Dakota, have been charged for hacking into the systems of US tax preparation companies.

CISA and the FBI have confirmed that Chinese hackers compromised the networks of telecommunications companies to spy on specific targets.

Robert Purbeck was sentenced to 10 years in prison for stealing the personal information of over 132,000 people.

The exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them.

NIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic.

Cybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets.

Exploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices. 

Google Cloud will be assigning CVE identifiers to serious cloud vulnerabilities, even ones that don’t require patching.