Google has issued an urgent alert for nearly 2 billion Windows users to update their Chrome browser to address critical security vulnerabilities, including a remote code execution flaw discovered by Apple’s SEAR team.
View full story…

The US Cybersecurity and Infrastructure Security Agency has warned manufacturing companies of significant vulnerabilities in Rockwell Automation and Mitsubishi Electric’s industrial control systems, which could lead to unauthorized access and denial-of-service attacks.
View full story…

Sophos has been engaged in a prolonged conflict with Chinese state-sponsored hacking groups, including Volt Typhoon and APT31, which have exploited vulnerabilities in its firewall appliances to target critical infrastructure and high-value organizations worldwide.
View full story…

The Iranian state-sponsored threat actor Cotton Sandstorm, also known as Emennet Pasargad, is utilizing advanced AI tactics to broaden its cyber operations beyond Israeli organizations to include targets in the US, France, and Sweden, while preparing for influence operations related to the upcoming US Presidential Election and the 2024 Paris Olympics.
View full story…

Microsoft has postponed the launch of its AI-powered Recall tool for Copilot Plus PCs to December 2024, citing significant privacy and data security issues raised by critics.
View full story…

The cybersecurity industry in Europe is experiencing critical staffing shortages, worsened by layoffs and budget cuts, which hinder its ability to combat increasing cyber threats effectively.
View full story…

Organizations face significant security challenges with SaaS applications like Salesforce, primarily due to misconfigurations that can lead to unauthorized access and data breaches.
View full story…

Next-generation firewalls (NGFWs) provide advanced security features and centralized management, addressing the limitations of traditional firewalls and ensuring robust protection for cloud-first and hybrid work environments.
View full story…

qBittorrent has resolved a critical remote code execution vulnerability, CVE-2024-51774, stemming from improper SSL/TLS certificate validation, which had exposed users to potential man-in-the-middle attacks for over 14 years.
View full story…

Microsoft has revealed that the Chinese threat actor Storm-0940, associated with the CovertNetwork-1658 botnet, is conducting sophisticated cyberattacks targeting its customers through compromised SOHO routers.
View full story…

The 2024 ISC2 Cybersecurity Workforce Study reveals a stagnation in the global cybersecurity job market, with economic constraints leading to staffing shortages and skills gaps, while professionals increasingly view artificial intelligence as a key opportunity for enhancing security and career growth.
View full story…

The Xiu Gou phishing kit, developed by cybercriminals, has been actively targeting individuals in the public sector, postal services, digital services, and banking in the US, UK, Spain, Australia, and Japan since September 2024, utilizing advanced technology and sophisticated tactics to evade detection.
View full story…

LightSpy, a sophisticated iOS spyware linked to a suspected state-sponsored group, exploits vulnerabilities in iOS and macOS systems to collect sensitive data and introduce destructive functions, posing a significant threat to Apple device users.
View full story…

A security breach on October 30th, 2024, involved the npm package @lottiefiles/lottie-player, targeting versions 205, 206, and 207 to inject malicious code that exploited cryptocurrency wallets.
View full story…