A critical zero-day vulnerability in Cleo’s file transfer software, CVE-2024-50623, allows unauthenticated remote code execution and has been exploited by the Termite ransomware group, affecting numerous organizations across various sectors.
View full story…

A critical vulnerability in the WPForms plugin, tracked as CVE-2024-11205, allows authenticated users to execute unauthorized payment refunds and cancel subscriptions, impacting over three million websites still using vulnerable versions.
View full story…

The United States has imposed sanctions on Sichuan Silence Information Technology Company and its employee Guan Tianfeng in response to a significant cyberattack that compromised global computer firewalls, including critical infrastructure in the US.
View full story…

A critical security flaw, dubbed “AuthQuake,” in Microsoft Azure’s Multi-Factor Authentication system has potentially allowed unauthorized access to over 400 million Microsoft 365 accounts, enabling cybercriminals to bypass protections with minimal effort.
View full story…

A ransomware attack by the Russian group INC Ransom compromised sensitive data at Alder Hey Children’s NHS Foundation Trust, Liverpool Heart and Chest Hospital, and Royal Liverpool University Hospital, prompting a coordinated response from law enforcement and cybersecurity agencies.
View full story…

A ransomware attack on the Comtel data center in India compromised the security of 16 brokerage firms, raising concerns about data integrity and the need for enhanced cybersecurity measures.
View full story…

Snowflake will require all customer accounts to implement multi-factor authentication by November 2025 to enhance security and prevent cyber threats following a series of attacks exploiting the lack of MFA.
View full story…

Ransomware attacks on utility organizations, particularly in the water and energy sectors, have increased by 42% over the past year, driven largely by spearphishing tactics and the activities of ransomware groups like Play and LockBit.
View full story…

Artivion, a Georgia-based medical device manufacturer, suffered a ransomware attack that encrypted files and acquired sensitive data, leading to operational disruptions and highlighting the healthcare sector’s vulnerability to cyber threats.
View full story…

The hacking groups ShinyHunters and Nemesis have executed a large-scale cyber operation exploiting vulnerabilities in public websites, resulting in the theft of sensitive data from numerous organizations.
View full story…

A sophisticated phishing campaign is targeting job seekers through fraudulent job listings, distributing the AppLite Banker malware variant primarily on Android devices to steal personal and corporate credentials.
View full story…

The increasing frequency of cyberattacks on software supply chains, exemplified by incidents like the SolarWinds and Okta breaches, underscores the urgent need for enhanced security measures and continuous monitoring to protect against vulnerabilities.
View full story…

The number of cyber-attacks reported by large regulated financial institutions to the UK’s Financial Conduct Authority has significantly decreased by 53% in 2024, attributed to enhanced regulations and increased vigilance within the sector.
View full story…

A critical zero-day vulnerability, CVE-2024-49138, in the Microsoft Windows Common Log File System Driver poses significant risks, allowing local attackers to execute arbitrary code and elevate privileges, with active exploitation reported.
View full story…