SecurityWeek

A backdoor deployed on a compromised WordPress website poses as a legitimate plugin to hide its presence.

Apple has released iOS 16.7.1 and iPadOS 16.7.1 to patch CVE-2023-42824, a kernel vulnerability that has been exploited in attacks.

A recently observed phishing campaign targeting Microsoft accounts is using LinkedIn smart links to bypass defenses.

Industrial routers made by Chinese company Yifan are affected by several critical vulnerabilities that can expose organizations to attacks. 

How much do CISOs make? Survey provides compensation trends for Chief Information Security Officers, but don't take surveys at full face value.

Simpson Manufacturing is experiencing disruptions after taking IT systems offline following a cyberattack.

Venture capital firm SYN Ventures announces first closing of $75 million cybersecurity seed fund for US cybersecurity companies.

Flaw poses a direct threat to the SOCKS5 proxy handshake process in cURL and can be exploited remotely in some non-standard configurations.

Spanish airline Air Europa is informing customers that their payment card information has been stolen as a result of a hacker attack.

Citrix has released patches for a critical information disclosure vulnerability in NetScaler ADC and NetScaler Gateway.

CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS.

Google has released Chrome 118 to the stable channel with patches for 20 vulnerabilities, including one rated ‘critical severity’.

Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date. 

While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs.

CISA has added five bugs to its Known Exploited Vulnerabilities catalog, including the recent WordPad, Skype, and HTTP/2 zero-days.

ICS Patch Tuesday: Siemens and Schneider Electric release over a dozen advisories addressing more than 40 vulnerabilities.

Microsoft says an APT group tracked as Storm-0062 has been hacking Confluence installations since mid-September, three weeks before Atlassian’s disclosure.

Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warns that three are already being exploited in the wild.

The war with Hamas will inevitably absorb manpower and focus from the cybersecurity sector.

Adobe Commerce customers exposed to code execution, privilege escalation, arbitrary file system read, and security feature bypass attacks.