The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its inaugural International Strategic Plan for fiscal years 2025-2026, aimed at enhancing national security through global collaboration to address cross-border cyber and physical threats.
View full story…

A critical security vulnerability (CVE-2024-50550) in the LiteSpeed Cache plugin for WordPress allows unauthorized users to gain administrator-level access, affecting over 6 million installations and necessitating immediate updates to version 6.5.2 or higher.
View full story…

Fog and Akira ransomware groups are actively exploiting the critical SonicWall VPN vulnerability CVE-2024-40766, which allows unauthorized access to corporate networks, despite the availability of a patch.
View full story…

A sophisticated phishing campaign linked to the threat actor Chenlun, also known as Sinkinto01, is using text messages that impersonate Amazon and USPS to steal personal information.
View full story…

The European Union’s NIS 2 Directive, effective October 17, 2024, mandates enhanced cybersecurity measures and compliance requirements for approximately 300,000 organizations across various sectors, emphasizing the involvement of senior management and stringent incident reporting protocols.
View full story…

Star Health and Allied Insurance Company suffered a significant data breach attributed to the hacker group xenZen, compromising the personal data of over 31 million customers and leading to legal actions against Telegram and Cloudflare.
View full story…

Operation Magnus, led by the Dutch National Police with support from the FBI and other international agencies, successfully dismantled a major malware network responsible for distributing the RedLine and Meta infostealers, seizing servers and source code while uncovering a vast trove of compromised data.
View full story…

Evasive Panda, a China-aligned APT group, has been exploiting vulnerabilities to deploy the CloudScout toolkit for cyberespionage against Taiwanese government agencies and religious institutions.
View full story…

The implementation of the EU’s NIS2 Directive has led 95% of organizations in the EMEA region to divert funds from various business areas, creating financial strain as they strive to meet compliance requirements.
View full story…

The UK’s Information Commissioner has issued a warning to organizations about the severe consequences of data breaches, particularly for vulnerable populations, urging them to adopt stronger data protection measures.
View full story…

A newly identified 0-day vulnerability in Windows allows attackers to remotely capture NTLM authentication hashes, posing significant security risks across all versions from Windows 7 to Windows 11 24H2.
View full story…

International law enforcement, led by the Dutch National Police and the FBI, dismantled the infrastructure of the notorious Redline and Meta infostealers, which have targeted millions of devices worldwide to extract sensitive information and facilitate cybercrimes.
View full story…

In response to a cyber attack that compromised customer data, Transport for London has extended the validity of expired child and student Zip cards until December 31, 2024, while working to restore application services for new cards.
View full story…