CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. […]
Email addresses of 15 million Trello users leaked on hacking forum
A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. […]
Microsoft announces new Windows ‘checkpoint’ cumulative updates
Microsoft will introduce checkpoint cumulative updates starting in late 2024 for devices running Windows Server 2025 and Windows 11, version 24H2 or later. […]
Rite Aid says June data breach impacts 2.2 million people
Rite Aid, the third-largest drugstore chain in the United States, says that 2.2 million customers’ personal information was stolen last month in what it described as a “data security incident.” […]
Organizations Warned of Exploited GeoServer Vulnerability
CISA says it has evidence that a recent critical-severity vulnerability in GeoServer is being exploited in the wild.
The post Organizations Warned of Exploited GeoServer Vulnerability appeared first on SecurityWeek.
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer
The Void Banshee APT exploited the CVE-2024-38112 Windows zero-day to infect systems with the Atlantida stealer.
The post APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer appeared first on SecurityWeek.
Ex-GitHub Engineers Raise $20M to Enhance Pen-Testing with AI-Powered XBOW
A team of former GitHub engineers has secured $20 million in venture capital funding to build AI-powered security tools.
The post Ex-GitHub Engineers Raise $20M to Enhance Pen-Testing with AI-Powered XBOW appeared first on SecurityWeek.
Microsoft links Scattered Spider hackers to Qilin ransomware attacks
Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. […]
‘Konfety’ Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins
Details have emerged about a “massive ad fraud operation” that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities.
The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds.
“Konfety represents a new form of
Microsoft finally fixes Outlook alerts bug caused by December updates
Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. […]
