SecurityWeek

Noteworthy stories that might have slipped under the radar: Google AI bug bounties, font vulnerabilities, IBM opens new training facility.

Change Healthcare says it has made significant progress in restoring systems impacted by a recent ransomware attack.

Chinese APT Evasive Panda compromises a software developer’s supply chain to target Tibetans with malicious downloaders.

Multiple vulnerabilities in Sceiner firmware allow attackers to compromise smart locks and open doors.

A group of 40 state attorneys general have sent a letter to Meta expressing concern over Facebook and Instagram account takeovers.

An upgraded ESC security chip makes the firmware of several HP business PCs resilient to quantum computer attacks.

Zama raises $73 million in Series A funding for a fully homomorphic encryption (FHE) solution for AI and blockchain applications.

FBI’s IC3 publishes its 2023 Internet Crime Report, which reveals a 10% increase in the number of cybercrime complaints compared to 2022.

Ohio security vendor Cayosoft banks new capital to fuel growth of its flagship Active Directory forest recovery product suite.

Henry Echefu admitted in a US courtroom to participating in a $200,000 business email compromise fraud scheme.

High-severity flaws in Cisco Secure Client could lead to code execution and unauthorized remote access VPN sessions.

Threat actor tracked as TA4903 spoofing US government entities in phishing and fraud campaigns.

Apple is opening small cracks in the iPhone’s digital fortress as part of a regulatory clampdown in Europe— at the risk of creating new avenues for hackers to steal personal and financial information stored on the devices.

The role of the CISO continuously evolves in tandem with the growing reliance on cybersecurity as a business enabler. But it is possible that the SEC has pitched a curveball with its increasing assertiveness?

Critical TeamCity authentication bypass vulnerability CVE-2024-27198 exploited in the wild after details were disclosed.

Fidelity says 28,000 individuals were impacted by data breach at third-party services provider Infosys McCamish System.

A new malware campaign has been observed targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances.

XIoT cybersecurity company Claroty has raised another $100 million at a reported valuation of $2.5 billion.

Incident response experts at Sygnia provide a detailed blow-by-blow of a BlackCat ransomware attack and share tips for survival.

Sweet Security announces a $33 million Series A funding round just six months after emerging from stealth with an initial $12 million seed funding.