SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that impacted MySonicWall accounts. [...]

In our previous blog post (Part 1 of our key replication series), Automatically replicate your card payment keys across AWS Regions, we explored an event-driven, serverless architecture using AWS PrivateLink to securely replicate card payment keys across AWS Regions. That solution demonstrated how to build a custom replication framework …

Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company [...]

FinWise Bank is warning on behalf of corporate customers that it suffered a data breach after a former employee accessed sensitive files after the end of their employment. [...]

Academic researchers have devised a new variant of Rowhammer attacks that bypass the latest protection mechanisms on DDR5 memory chips from SK Hynix. [...]

​Microsoft has reminded administrators again that Exchange 2016 and Exchange 2019 will reach the end of extended support next month and has provided guidance for decommissioning outdated servers. [...]

Vulnerabilities are discovered daily—but not every alert matters. SecAlerts pulls from 100+ sources for faster, real-time vuln alerts, filtering the noise so teams can patch quicker and stay secure. [...]

The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations' Salesforce environments to steal data and extort victims. [...]

A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. [...]

A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. [...]

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. [...]

When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what's happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how MSPs and IT teams can prepare now for the difference between recovery and catastrophe. [...]

A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies. [...]

Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. [...]

U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations. [...]

Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). [...]

Panama's Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a cyberattack.. [...]

Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. [...]

The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. [...]

A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. [...]

A prominent US senator has called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the company’s continued use of an obsolete and vulnerable form of encryption that Windows uses by default. In a letter to FTC Chairman Andrew Ferguson, Sen. Ron Wyden (D …

As hackers exploit a high-severity vulnerability in SAP’s flagship Enterprise Resource Planning software product, the software maker is warning users of more than two dozen newly detected vulnerabilities in its other widely used products, including a security flaw with a maximum-severity rating of 10. SAP on Tuesday said …

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. The attack, which compromised nearly two dozen packages hosted on the npm repository, came to public notice on Monday in …

Large network scans have been targeting Cisco ASA devices, prompting warnings from cybersecurity researchers that it could indicate an upcoming flaw in the products. [...]