Latest News

The US State Department said that hackers took around 60,000 emails in an attack which Microsoft has blamed on China.

Progress Software ships patches for critical-severity flaws in its WS_FTP file transfer software and warns that a pre-authenticated attacker could wreak havoc on the underlying operating system.

Verisoul, a company that has developed a SaaS platform for detecting and blocking fake users, has raised $3.25 million in seed funding. 

Intrusion detection company Lumu has raised $30 million in a Series B funding round led by Forgepoint Capital.

Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown. 

Migrating to a quantitative cyber risk model of analysis allows for more accurate data, which leads to more informed decision-making.

Cisco has released patches for vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks.

Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains.

Sysdig enhanced its existing CNAPP offering with a cloud attack graph, risk prioritization, attack path analysis, a searchable inventory, and complete agentless scanning.

Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor. 

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies.

CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.

Israeli security startup Gem Security has raised a total of $34 million to tackle cloud threat detection and incident response.

Attackers can find tons of information on Tesla cars and their drivers by searching for misconfigured TeslaMate instances online.

Firefox 118 patches six high-severity vulnerabilities, including a memory leak potentially leading to sandbox escape.