Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. […]
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. […]
Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover
A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks.
The post Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover appeared first on SecurityWeek.
Google Releases Major Update for Open Source Vulnerability Scanner
Google has integrated OSV-SCALIBR features into OSV-Scanner, its free vulnerability scanner for open source developers.
The post Google Releases Major Update for Open Source Vulnerability Scanner appeared first on SecurityWeek.
Google to purchase Wiz for $32 billion in cloud security play
Google has announced it entered into a definitive agreement to acquire Wiz, a leading cloud security platform, for $32 billion in an all-cash transaction. […]
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code.
“This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent
“This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent
Critical AMI MegaRAC bug can let attackers hijack, brick servers
A new critical severity vulnerability found in American Megatrends International’s MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers. […]
Blockchain gaming platform WEMIX hacked to steal $6.1 million
Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. […]
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.
The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden
The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden
Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security
Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion.
“This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud),” the tech giant said today.
It added the acquisition, which is
“This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud),” the tech giant said today.
It added the acquisition, which is