Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. [...]

​Attackers now target a critical severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached storage (NAS) devices. [...]

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. [...]

​The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. [...]

Apple has added a new security feature with the iOS 18.1 update released last month to ensure that iPhones automatically reboot after long idle periods to re-encrypt data and make it harder to extract. [...]

Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. [...]

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. [...]

Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. [...]

Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. [...]

Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation. [...]

​​Court systems across Washington state have been down since Sunday when officials said "unauthorized activity" was detected on their networks. [...]

Canadian authorities have arrested a man suspected of having stolen the data of hundreds of millions after targeting over 165 organizations, all of them customers of cloud storage company Snowflake. [...]

​The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack. [...]

​Cisco says that non-public files recently downloaded by a threat actor from a misconfigured public-facing DevHub portal don't contain information that could be exploited in future breaches of the company's systems. [...]

The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang. [...]

Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days. [...]

​Microsoft announced today that Windows 10 home users can delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates (ESU). [...]

​Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online. [...]

Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. [...]

U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale." [...]

Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August. [...]

​Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. [...]

Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. [...]

A group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web). [...]

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. [...]