SecurityWeek

Acronis warns of a critical-severity Acronis Cyber Infrastructure (ACI) vulnerability being exploited in attacks.

HealthEquity says the personal and health information of 4.3 million individuals was compromised in a data breach.

178 cybersecurity M&A deals were announced in the first half of 2024, the smallest half year number since SecurityWeek started tracking them. 

Wiz has detailed SeleniumGreed, a campaign in which threat actors target exposed Selenium Grid instances for cryptomining.

TechOperators leads a $6 million Series A funding round for Evo Security, a provider of IAM solutions for MSPs.

Progress Software calls attention to a critical remote code execution flaw in the Telerik Report Server product.

Threat actors have started exploiting critical-severity vulnerabilities in ServiceNow shortly after public disclosure.

Noteworthy stories that might have slipped under the radar: FBI article on agency’s Cyber Action Team, data of Pentagon IT provider Leidos leaked, Nigerian cybercriminal sentenced to 12 years in prison.

The US is offering a reward of up to $10 million for information on Rim Jong Hyok, a member of the North Korean hacking group APT45.

A vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits.

CrowdStrike says 97% of Windows systems impacted by its bad update are back online, just as an insurer predicts billions in losses for major companies.

A man who allegedly carried out attacks for a North Korean military intelligence agency has been indicted in a conspiracy to hack healthcare firms, NASA, military bases and other entities.

Software supply chain security startup Chainguard raises a $140 million Series C round that values the company at $1.2 billion.

The latest BIND security updates address remotely exploitable vulnerabilities leading to denial-of-service.

Stargazer Goblin has created a network of over 3,000 GitHub accounts to distribute malware through phishing repositories.

A fresh Mandiant report documents North Korea's APT45 as a distinct hacking team conducting cyberespionage and ransomware operations.

Google has announced improved protections for Chrome users when downloading files from the internet.

Phone lines down in multiple courts across California after ransomware attack on state’s largest trial court in Los Angeles County.

Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products.

The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018.