SecurityWeek

The India-linked threat actor SloppyLemming has been targeting government, law enforcement, and other entities in Pakistan.

ZDI offers over $1 million in cash and prizes at the next Pwn2Own Automotive hacking contest, set for January 2025 in Tokyo.

CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild.

Sweden is accusing Iran of hacking SMS service and sending out thousands of text messages calling for revenge over Quran burnings.

CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the July BSOD incident.

Bitsight finds critical vulnerabilities in several automatic tank gauge (ATG) products used in various critical infrastructure sectors.

HP has intercepted an email campaign comprising a standard malware payload delivered by an AI-generated dropper.

Microsoft says each Deputy CISO will oversee specific domains, ranging from gaming and cloud security to AI and government systems.

Iranian state-sponsored threat actor UNC1860 is operating as an initial access provider to high-profile networks in the Middle East.

MoneyGram’s money transfer services are down after the company took systems offline to contain a cyberattack.

Hackers can take control of Riello UPS devices by exploiting unpatched vulnerabilities, a cybersecurity company has warned.

Ransomware possibly involved in a cybersecurity incident at Arkansas City’s water treatment facility.

Many US users are voicing concerns over the silent, forced transition from Kaspersky’s security products to UltraAV.

Deloitte says no sensitive data exposed after a notorious hacker leaked what he claimed to be internal communications. 

Mandiant shines the spotlight on the growing infiltration of US and Western companies by North Korean fake IT workers.

The Necro trojan was found in two Android applications in Google Play with a combined downloads count of over 11 million.

In extreme situations, a foreign adversary could shut down or take simultaneous control of multiple vehicles operating in the United States, causing crashes and blocking roads.

Microchip Advanced Software Framework (ASF) 3 is affected by a critical vulnerability that could lead to remote code execution.

ESET has released patches for two local privilege escalation vulnerabilities in security products for Windows and macOS.

Versa Networks has released patches for a Versa Director vulnerability for which proof-of-concept (PoC) code exists.