SecurityWeek

Personal information such as names, email addresses, and phone numbers was accessed by hackers.

The vulnerability can be exploited remotely, without authentication, to circumvent existing authentication controls.

Starbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds.

Other noteworthy stories that might have slipped under the radar: Telus Digital data breach, vulnerabilities in Linux AppArmor allow root privileges, US defense contractor behind Coruna exploits.

Pro-Iranian hackers are targeting sites in the Middle East and starting to stretch into the United States during the war, raising the risk of American defense contractors, power stations and water plants.

The startup relies on AI to turn devices into active agents that understand users’ actions and provide protection in real time.

Google paid over $3.7 million for Chrome vulnerabilities, and more than $3.5 million for cloud security defects.

Evidence indicates that the attackers leveraged existing endpoint management software rather than malware to wipe devices.

The startup is building a control pane to help organizations oversee autonomous AI agents and rapidly adopt them.

Law enforcement agencies in the US and Europe targeted the cybercrime service that has impacted 360,000 devices since 2020.

The flaws can be exploited to manipulate data and bypass security restrictions, potentially leading to code execution.

The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities.

The social media giant has disabled more than 150,000 accounts powering scam centers in Asia.

The issue allows attackers to inject SQL queries and extract sensitive information from the database.

Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team.

Critical- and high-severity flaws could be exploited to execute arbitrary shell commands or elevate privileges.

The security defects could lead to denial-of-service (DoS) conditions, command execution, or device takeover.

The bugs allowed unauthenticated attackers to execute arbitrary code, steal credentials, and take over servers.

The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement.

The leadership structure, commonly referred to as the “dual-hat” arrangement, assigns a single individual to oversee both organizations.