SecurityWeek

Kaspersky is shutting down operations in the US and laying off employees following the recent Commerce Department ban.

Over 310 GB of data from mSpy, including 2.4 million email addresses and other user data, was leaked online.

IoT cybersecurity company Exein has raised €15 million (~$16.3 million) in a Series B funding round led by 33N.

The massive AT&T breach has been linked to an American hacker living in Turkey and reports say the telecom giant paid a $370,000 ransom.

A second remote code execution vulnerability, tracked as CVE-2024-6409, was found in OpenSSH during an analysis of the regreSSHion flaw.

Vyacheslav Igorevich Penchukov was sentenced to nine years in prison for his role in the Zeus and IcedID malware operations.

Google's parent company Alphabet is reportedly in advanced talks to acquire the hotshot Israeli data security startup.

Noteworthy stories that might have slipped under the radar: Apple's spyware warning, CDK Global's ransom payment, Platinum giant Sibanye hit by cyberattack.

Successful exploitation could allow attackers to deliver executable attachments to inboxes.

Advance Auto Parts says the personal information of 2.3 million was compromised after hackers accessed its Snowflake account.

CISA says a SILENTSHIELD red team assessment found gaping holes in the security posture of a federal civilian executive branch organization.

Data breach exposed records of call and text interactions for nearly all AT&T’s wireless customers and has been linked to the recent attacks targeting Snowflake customers.

Akira and EstateRansomware cybercrime gangs have been exploiting a year-old Veeam Backup & Replication vulnerability in recent attacks.

London startup Tracebit has raised $5 million in seed funding for its cloud-native threat detection and deception solution.

A threat actor tracked as CrystalRay has hit 1,500 victims since February, stealing credentials and deploying backdoors.

GitLab issues an advisory for a critical-severity vulnerability that allows an attacker to trigger a pipeline as another user.

In response to recent intrusions, CISA and the FBI are urging businesses and device manufacturers to eliminate OS command injection vulnerabilities at the source.

Palo Alto Networks patched a critical vulnerability in its Expedition tool and addressed the impact of the recently disclosed BlastRADIUS vulnerability.

VMware warns that authenticated malicious users could enter specially crafted SQL queries and perform unauthorized read/write operations in the database.

Israeli startup raises $16 million in seed funding to build what is being described as a “cyber crisis readiness and management” platform.