SecurityWeek

A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees.

A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices.

More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.

More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives.

Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.

UK cybersecurity firm Darktrace has agreed to sell itself to private equity giant Thoma Bravo for approximately $5.32 billion in cash.

A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.

Predictive attack intelligence and risk protection startup BforeAI has raised $15 million in a Series A funding round led by SYN Ventures.

Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400.

A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive.

The FTC is sending a total of $5.6 million in refunds to over 117,000 Ring customers as result of a 2023 settlement.

The Brocade SANnav management application is affected by multiple vulnerabilities, including a publicly available root password.

Zero trust endpoint security company ThreatLocker has announced a $115 million Series D funding round that brings the total to $240 million. 

IBM is acquiring HashiCorp for $6.4 billion for its infrastructure lifecycle management and security lifecycle management capabilities.

Pope Francis has called for an international treaty to ensure AI is developed and used ethically, devoting his annual peace message this year to the topic.

Cisco warns that nation state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks.

KnowBe4 boasts that the merger will create “the largest, advanced AI-driven cybersecurity platform for managing human risk.”

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk.

A North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners.

Irish startup Tines raises $50 million in new venture capital funding as investors make big bets on automation and orchestration startups.