SecurityWeek

Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar. 

Speaker Mike Johnson is expected to bring forward a Plan B that would reform and extend Section 702 of the Foreign Intelligence Surveillance Act for a shortened period of two years.

Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.

Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.

A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications.

LastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology.

The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies."

Zscaler announces plans to acquire Airgap Networks, a venture-backed startup selling network segmentation and secure access technologies.

Tel Aviv startup banks seed funding for technology to help organizations connect, secure, and provide access to multiple data sources.

The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools.

Simbian aims to build a fully autonomous security platform that lets humans make the strategic decisions while AI implements those decisions.

SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks.