The US has indicted 12 Chinese nationals, including members of a cybersecurity firm and government officials, for their involvement in a decade-long cyber-espionage campaign that targeted US critics and various foreign ministries, causing significant financial damages and escalating tensions between the US and China.
A sophisticated cyber-intrusion campaign exploiting the CVE-2024-4577 vulnerability in PHP on Windows servers has been identified, primarily affecting various sectors in Japan and utilizing tools like Cobalt Strike for persistent access.
The European Union’s ENISA has highlighted significant compliance challenges faced by six critical infrastructure sectors, including IT, health, and maritime, in meeting the new cybersecurity requirements of the NIS2 directive enacted in January 2023.
Job satisfaction among women in the cybersecurity sector has significantly decreased from 82% in 2022 to 67% in 2024, largely due to economic pressures, increased workloads, and organizational changes such as layoffs and budget cuts.
A critical security flaw in the Chaty Pro plugin allows attackers to exploit arbitrary file uploads, potentially taking control of affected WordPress sites.
ACRStealer, a sophisticated infostealer malware, has gained notoriety for its ability to covertly extract sensitive information by leveraging legitimate platforms like Google Docs and Steam since its emergence in mid-2024.
