SecurityWeek

SolarWinds has announced patches for a critical-severity remote code execution vulnerability in Access Rights Manager.

The Ivanti Cloud Service Appliance vulnerability CVE-2024-8190 has been exploited in the wild, with attacks starting just days after disclosure.

Apple said there's “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.

Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.

The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.

A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports.

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

A 17-year-old from England has been arrested by the NCA over the recent cyberattack on Transport for London.

Doctor Web warns of the new Vo1d Android malware infecting roughly 1.3 million TV boxes running older OS versions.

GitLab has released security updates to resolve multiple vulnerabilities in GitLab CE/EE, including a critical-severity pipeline execution flaw.

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

The prospect of criminal charges comes as the Justice Department has raised alarms about aggressive efforts by countries including Russia and Iran to meddle in the presidential election.

Google is rolling out new features in Chrome to better protect users online and to improve their control over personal data.

Operant AI, a startup specializing in runtime protection for cloud applications, APIs, and AI systems, secures new $10 million investment.

Realm.Security has emerged from stealth with $5 million in funding and a solution that helps organizations manage security data. 

Relentless in their methods, attackers will continue employing evasion tactics to circumvent traditional security measures.

Palo Alto Networks has fixed medium- and high-severity vulnerabilities in PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser.

Aembit has raised $25 million in Series A funding to protect non-human identities and minimize attack surface.