SecurityWeek

SAP patches multiple vulnerabilities in the Business Technology Platform, including a critical elevation of privilege bug.

New iMessage Contact Key Verification feature in Apple's iOS and macOS platforms help catch impersonators on its iMessage service.

Critical remote code execution flaws in Backup Migration and Elementor plugins expose WordPress sites to attacks.

ICS Patch Tuesday: Siemens and Schneider Electric address dozens of vulnerabilities affecting their industrial products.

Air Force disciplines 15 personnel as the inspector general finds that security failures led to massive classified documents leak.

A recent emergence on the threat landscape, the Sandman APT appears linked to a Chinese hacking group.

Toyota Germany is informing customers that their personal data has been stolen in a ransomware attack last month.

The FBI has issued guidance for SEC data breach reporting requirements and how disclosures can be delayed.

New "Sentinel" nuclear missiles will operate within a closed network but have additional security measures at the boundary and inside the network, enabling effective operation in a cyber-contested environment.

Cupertino’s flagship mobile OS vulnerable to arbitrary code execution and data exposure security vulnerabilities.

Researchers call attention to 14 security defects that can be exploited to drop and freeze 5G connections on smartphones and routers.

Compromised data includes names, dates of birth, Social Security numbers, health and insurance information, and driver’s license numbers.

Google has patched several high and moderate-severity Chromecast vulnerabilities demonstrated earlier this year at a hacking competition. 

North Korean hackers have used Dlang-based malware in attacks against manufacturing, agriculture, and physical security organizations.

Stepping outside the confines of our comfort zone and embracing a mindset that prioritizes adaptability, shared responsibility, risk-awareness, and preparedness is indispensable in fortifying defenses in the modern distributed network.

Critical vulnerabilities in a Delta OT monitoring product can allow hackers to hide their destructive activities from the victim.

Apache has addressed a critical-severity Struts 2 file upload vulnerability that could lead to remote code execution.

A top White House national security official said recent cyber attacks by Iranian hackers on US water authorities should be seen as a call to action by utilities and industry to tighten cybersecurity.

The leak website of the notorious BlackCat/Alphv ransomware group has been offline for days and law enforcement is reportedly behind the takedown.

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.