A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor.

The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week.

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources.

CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks.

Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel.

A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new

Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called

U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency.

Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.

Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks.

A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof.

Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.

Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges.

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K.

The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright.

Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further.

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts.
#Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress

Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum.