Security Bulletin

Organizations using Ivanti Connect Secure and Pulse Secure VPN systems have been urged to update their instances following a ninefold increase in suspicious IP scanning activity recorded on Apr. 18, The Register reports.

Threat actors have been combining a pair of critical Craft CMS vulnerabilities to facilitate server compromise as part of ongoing attacks, according to BleepingComputer.

Security Affairs reports that cloud tenants in the education industry have been targeted by the Storm-1977 threat operation in password spraying attacks that facilitated cryptomining activities during the past 12 months.

Initial access broker ToyMaker has been providing Cactus ransomware gang and other double extortion threat operations access to compromised systems, The Hacker News reports.

TikTok had its user database claimed to have been stolen by the R00TK1T hacking collective, which has already posted a sample of credentials belonging to 972,000 users, according to GBHackers News.

Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.

Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can't be eliminated overnight, it can be managed.

The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom.

An indisputable security use case for ChatGPT: scouring open-source changelogs for undisclosed vulnerability patches.

The malicious service is advertised to evade detection and closely mimic a real login page.

Attackers observed exploiting vulnerability in SAP's NetWeaver Visual Composer product.