SecurityWeek

A critical vulnerability in BeyondTrust Privileged Remote Access and Remote Support could lead to arbitrary command execution.

While the challenges are significant, organizations have an opportunity to build scalable AI governance frameworks that ensure compliance while enabling responsible AI innovation.

Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE).

IntelBroker has leaked 2.9 Gb of data stolen recently from a Cisco DevHub instance, but claims it’s only a fraction of the total. 

EU privacy watchdogs hit Facebook owner Meta with fines totaling 251 million euros after an investigation into a 2018 data breach that exposed millions of accounts.

CISA has updated its National Cyber Incident Response Plan in line with the changing threat landscape and is now seeking public comment.

Vitalii Antonenko has been sentenced to 69 months in prison for hacking, but he is being released as he has been detained since 2019.

Okta has warned customers that it has seen an increase in phishing attacks impersonating its support team.

Brand awareness is vital in cybersecurity because buyers—often risk-averse professionals like CISOs, IT managers, and procurement teams—rely on trusted brands when researching tools to protect their organizations.

EPA and CISA urge organizations in the water and wastewater systems sector to harden remote access to internet-exposed human-machine interfaces (HMIs).

FBI says HiatusRAT’s operators were seen scanning for web cameras and DVR systems affected by years-old vulnerabilities.

Texas Tech University says the personal, health, and financial information of 1.4 million was stolen from its health sciences centers.

CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild. 

Israeli forensics firm Cellebrite has been linked to an Android zero-day used to secretly install spyware on Serbian journalists' phones.

Security operations firm Arctic Wolf has acquired Cylance from BlackBerry for $160 million in cash and 5.5 million common shares.

Citrix issues warning on password spraying attacks targeting NetScaler and NetScaler Gateway appliances deployed by organizations worldwide.

Undocumented vulnerabilities in DrayTek devices were exploited in ransomware campaigns that compromised over 300 organizations.

LKQ, a major provider of auto parts, told the SEC that a recent cyberattack caused disruptions at a Canadian business unit.

SRP Federal Credit Union says the personal information of 240,000 was stolen in a recent cyberattack claimed by a ransomware gang.

The Cl0p ransomware group has taken credit for exploitation of the Cleo product vulnerability tracked as CVE-2024-55956.