Too many Fortinet firewalls vulnerable to attack via CVE-2024-55591 are still accessible from the Internet.
Personal data of nearly 100,000 individuals who have participated in trainings organized by EU CEPOL has potentially been compromised.
FBI and CISA officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors.
Supply chain management SaaS vendor Blue Yonder experienced a ransomware attack that impacted big companies like Starbucks.
The FreeBSD Foundation has released an extensive security audit of two critical FreeBSD components: bhyve and Capsicum.
North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware.
Fortinet has released critical security updates for FortiManager to fix a critical vulnerability that is reportedly being exploited.
The total number of DDoS attacks during H1 2024 amounted to 830,000, an increase of 46% when compared to H1 2023, according to Gcore.
A previously discovered vulnerability affecting self-hosted Cisco Webex instances similarly affected the Webex cloud service.
The global attacker median dwell time continued trending downwards in 2023, and is now 10 days (from 16 days in the previous year).
Security researchers have found a bug that could allow attackers to deliver malware directly into employees' Microsoft Teams inbox.
The Swiss government is under DDoS attack, but several ransomware gangs have also turned their sights on other Swiss organizations.
A vulnerability (CVE-2023-2868) in Barracuda Networks' ESG appliances is being actively exploited by attackers, the company has warned.
A vulnerability (CVE-2023-32784) in KeePass can be exploited to retrieve the master password from the software's memory.
Resecurity has recently identified the STYX Innovation Marketplace, a new cybercriminal e-commerce platform focused on financial fraud.
For March 2023 Patch Tuesday, Microsoft has fixed 2 vulnerabilities actively exploited in the wild (CVE-2023-23397, CVE-2023-24880).
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.
An unauthenticated RCE flaw (CVE-2022-27518) is being leveraged by APT5 to compromise Citrix ADC deployments.
The rising adoption of connected medical devices is accelerating cyberattacks, according to Capterra’s Medical IoT Survey.
November 2022 Patch Tuesday is here, with fixes for CVE-2022-41091, CVE-2022-41049, CVE-2022-41128 and other actively exploited bugs.