Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. [...]

Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers. [...]

A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. [...]

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. [...]

Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials. [...]

Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. [...]

Enlarge (credit: Getty Images) For the past year, previously unknown self-replicating malware has been compromising Linux devices around the world and installing cryptomining malware that takes unusual steps to conceal its inner workings, researchers said. The worm is a customized version of Mirai, the botnet malware that infects Linux-based …

The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000. [...]

A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes. [...]

The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. [...]

A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. [...]

Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. [...]

Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. [...]

The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. [...]

Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities. [...]

A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware. [...]

In this post, we show you how to apply attribute-based access control (ABAC) while you store and manage your Amazon Elastic Kubernetes Services (Amazon EKS) workload secrets in AWS Secrets Manager, and then retrieve them by integrating Secrets Manager with Amazon EKS using External Secrets Operator to define more …

Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. [...]

The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division. [...]

Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans. [...]

Users of the Firefox browser for Android have been reporting that they are seeing a blank page when trying to load the main Google Search site. [...]

Enlarge / The Rexroth Nutrunner, a line of torque wrench sold by Bosch Rexroth. (credit: Bosch Rexroth) Researchers have unearthed nearly two dozen vulnerabilities that could allow hackers to sabotage or disable a popular line of network-connected wrenches that factories around the world use to assemble sensitive instruments and devices …

Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations. [...]

The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. [...]

The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites. [...]