Palo Alto Networks and Unit 42 are investigating a critical zero-day vulnerability, CVE-2024-3400, actively exploited by threat actor UTA0218 in targeted attacks known as Operation MidnightEclipse.
Nexperia, a Dutch semiconductor company, was targeted by the Dunghill ransomware gang, resulting in the theft of trade secrets, chip designs, and customer data from major clients such as SpaceX, Apple, and Huawei.
Security teams are providing tooling to guide developers in real time to address security issues proactively, as organizations adapt their application security practices to technologies like continuous delivery pipelines and cloud-native development platforms.
Volt Typhoon, a Chinese threat actor backed by the government, poses a significant threat to national security by targeting US critical infrastructure leaders.
CISA has expanded its Malware Next-Gen Analysis platform to offer automated malware analysis support to federal, state, and local government agencies, as well as organizations, security researchers, and individuals with a login gov account, democratizing cybersecurity and enhancing threat-hunting capabilities.
Unauthenticated attackers can execute arbitrary code with root privileges on affected firewalls, prompting organizations to apply patches and mitigations immediately.
