SecurityWeek

Apple complained that requests from Meta Platforms for access to its operating software threaten user privacy, in a spat fueled by the European Union’s intensifying efforts to get the iPhone maker to open up to products from tech rivals.

Noteworthy stories that might have slipped under the radar: McDonald’s API hacking, Netflix fined nearly $5 million in Netherlands, experimental malware killing ICS process. 

Bitsight has discovered a BadBox botnet consisting of over 190,000 Android devices, mainly Yandex smart TVs and Hisense smartphones.

The Play ransomware group claims to have stolen sensitive data from donut and coffee retail chain Krispy Kreme.

A second individual accused of being involved in NetWalker ransomware attacks, a Romanian national, has received a 20-year prison sentence.

CISA is urging federal agencies to patch a recent critical vulnerability in BeyondTrust remote access products in one week.

Rockwell’s PowerMonitor is affected by critical vulnerabilities that can enable remote access to industrial systems for disruption or further attacks.

Benchmarking is all about taking back control – you’re measuring to gain complete awareness of your development teams’ security skills and practices.

In light of recent Chinese hacking into US telecom infrastructure, CISA has released guidance on protecting mobile communications.

Raccoon Infostealer MaaS operator Mark Sokolovsky was sentenced to 60 months in prison in the US and agreed to pay over $910,000 in restitution.

Cisco has announced its intention to acquire threat detection company SnapAttack to boost Splunk security product capabilities. 

Fortinet has released patches for a critical-severity path traversal vulnerability in FortiWLM that was reported last year.

Alphabet spinoff SandboxAQ has announced raising $300 million in funding at a valuation of $5.3 billion.

Google has released a Chrome 131 update to patch multiple high-severity memory safety vulnerabilities, including three affecting the V8 JavaScript engine.

Juniper Networks says a Mirai botnet is ensnaring session smart router devices that are using default passwords.

San Francisco startup scores a Series B round to thwart money mule accounts, deep-fake identities, account takeovers and payment fraud.

The Russian government accuses the US threat-intel firm of participating in the collection and analysis of data on the actions of the Russia's armed forces. 

Healthcare insurance firm Regional Care has disclosed a data breach impacting more than 225,000 individuals.

Learn how to develop a holistic solution that provides you and your team the power to mitigate cyber threats effectively within your OT environment.

CISA’s Binding Operational Directive 25-01 requires federal agencies to align cloud environments with SCuBA secure configuration baselines.