SecurityWeek

Advance Auto Parts says the personal information of 2.3 million was compromised after hackers accessed its Snowflake account.

CISA says a SILENTSHIELD red team assessment found gaping holes in the security posture of a federal civilian executive branch organization.

Data breach exposed records of call and text interactions for nearly all AT&T’s wireless customers and has been linked to the recent attacks targeting Snowflake customers.

Akira and EstateRansomware cybercrime gangs have been exploiting a year-old Veeam Backup & Replication vulnerability in recent attacks.

London startup Tracebit has raised $5 million in seed funding for its cloud-native threat detection and deception solution.

A threat actor tracked as CrystalRay has hit 1,500 victims since February, stealing credentials and deploying backdoors.

GitLab issues an advisory for a critical-severity vulnerability that allows an attacker to trigger a pipeline as another user.

In response to recent intrusions, CISA and the FBI are urging businesses and device manufacturers to eliminate OS command injection vulnerabilities at the source.

Palo Alto Networks patched a critical vulnerability in its Expedition tool and addressed the impact of the recently disclosed BlastRADIUS vulnerability.

VMware warns that authenticated malicious users could enter specially crafted SQL queries and perform unauthorized read/write operations in the database.

Israeli startup raises $16 million in seed funding to build what is being described as a “cyber crisis readiness and management” platform.

Citrix rolls out patches for multiple security vulnerabilities, including critical and high-severity issues in the NetScaler product line.

Few people understand AI, nor how to use nor control it, nor where it is going. Yet politicians wish to regulate it.

The US and allies blame Russian state-sponsored threat actors for using Meliorator AI software to create a social media bot farm.

Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in industrial and OT products.

A cyber resilience strategy is vital for business continuity and can provide a range of benefits before, during, and after a cyberattack.

Patch Tuesday: Microsoft patches more than 140 security vulnerabilities in the Windows ecosystem, including a pair of exploited zero-days.

Adobe documents at least seven code execution bugs affecting Adobe Premiere Pro, Adobe InDesign and Adobe Bridge on Windows and macOS.

Security vendor InkBridge Networks calls urgent attention to the discovery of a decades-old design flaw (CVE-2024-3596) in the popular RADIUS protocol.

Command Zero has emerged from stealth mode with $21 million in a seed funding round led by Andreessen Horowitz.