SecurityWeek

Hacktivists stole and leaked online the personal information of 45,000 Idaho National Laboratory employees.

Attackers are attempting to exploit a critical RCE flaw in Apache Struts 2 after researchers publish PoC code.

A ransomware group claims to have breached the systems of Kraft Heinz, but the food giant says it’s unable to verify the claims. 

GambleForce uses SQL injections to hack gambling, government, retail, and travel websites to steal sensitive information.

More often than not, we are grateful for and celebrate the wrong people. It is incumbent on all of us to take the time to appreciate and acknowledge the doers in our lives.

Dell is informing PowerProtect DD product customers about 8 vulnerabilities, including many rated ‘high severity’, and urging them to install patches.

Microsoft disrupts Storm-1152, a cybercrime-as-a-service business facilitating phishing, identity theft, and DDoS attacks.

US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability.

Major software vendors sign on to a new security initiative to create trusted best practices for artificial intelligence deployments.

Malware hunters have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers and linked it to a Chinese APT targeting US critical infrastructure.

Apple is testing a new security feature that should limit what iPhone thieves can do with a stolen phone, even if they have the passcode.

MITRE and partners unveil EMB3D, a new threat model designed for critical infrastructure embedded devices.

Cybersecurity startup Zero Networks has raised $20 million in a Series B funding round led by US Venture Partners.

CISA is asking for public opinion on SCuBA secure configuration baselines for nine Google Workspace services.

A Chrome 120 security update resolves nine vulnerabilities, including five high-severity flaws reported externally.

US Senate confirms former CIA and NSA senior executive Harry Coker as next National Cyber Director in the White House ONCD.

Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit.

Kyivstar, the largest mobile network operator in Ukraine, was hit by a massive cyberattack on Tuesday, disrupting mobile and internet communications for millions of citizens.

Microsoft warns of critical spoofing and remote code execution bugs in the Windows MSHTML Platform and Microsoft Power Platform Connector.

Adobe warned users on both Windows and macOS systems about exposure to code execution, memory leaks and denial-of-service security issues.