SecurityWeek

In-the-wild exploitation of a critical vulnerability in the TeamCity CI/CD server started shortly after a patch was released by developers.

Silverfort has released the source code for its lateral movement detection tool LATMA, to help identify and analyze intrusions.

Bankrupt and out of financing options, IronNet has terminated all employees and plan to file for Chapter 7 protection.

AWS says an internal threat intel decoy system called MadPot has successfully trapped nation state-backed APTs like Volt Typhoon and Sandworm.

Nexusflow scores funding to build an open-source LLM that can deliver high accuracy when retrieving data from multiple security sources.

Noteworthy stories that might have slipped under the radar: new RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea. 

A group of academic researchers devised a technique to extract sounds from still images captured using smartphone cameras with rolling shutter and movable lens structures.

The NSA is starting an artificial intelligence security center — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems.

CISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw to its known exploited vulnerabilities catalog.

Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations. 

Gaps in Cloudflare’s security controls allow users to bypass protections and target others from the platform itself.

A sharply divided privacy oversight board is recommending that the FBI and other agencies be required to get court approval before reviewing the communications of U.S. citizens collected through a secretive foreign surveillance program.

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.

The FBI warns organizations of cyberattacks that employ multiple ransomware families or deploy dormant data wipers.

Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.

The US State Department said that hackers took around 60,000 emails in an attack which Microsoft has blamed on China.

Progress Software ships patches for critical-severity flaws in its WS_FTP file transfer software and warns that a pre-authenticated attacker could wreak havoc on the underlying operating system.

Verisoul, a company that has developed a SaaS platform for detecting and blocking fake users, has raised $3.25 million in seed funding. 

Intrusion detection company Lumu has raised $30 million in a Series B funding round led by Forgepoint Capital.

Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown.