The US Cybersecurity and Infrastructure Security Agency’s contract with MITRE Corporation for the Common Vulnerabilities and Exposures Program is at risk, leading to a temporary pause in new CVE assignments and raising concerns about the sustainability of vulnerability management in cybersecurity.
SentinelOne reported a sophisticated cyber operation named “PurpleHaze,” attributed to Chinese cyber-espionage groups APT15 and UNC5174, which targeted over 70 organizations globally using advanced tactics, including exploiting zero-day vulnerabilities and deploying the GOREshell backdoor.
The financial services sector is experiencing a significant increase in volumetric DDoS attacks, driven by geopolitical tensions and the rise of DDoS-for-hire services, with a notable 23% rise in application-layer attacks in 2024 compared to the previous year.
The Department of Justice has filed a civil forfeiture complaint to permanently seize over $7.7 million in digital assets associated with a North Korean money laundering operation involving IT workers who impersonated Americans to secure freelance jobs and evade sanctions.
As APIs become prime targets for cybercriminals, organizations face significant risks from sophisticated attacks exploiting vulnerabilities, misconfigurations, and outdated security measures.
The FBI has warned that the Badbox 2.0 botnet has compromised over a million internet-connected devices worldwide, primarily targeting low-cost, uncertified consumer electronics, particularly those running on Android-powered IoT systems in smart homes.
