Security Bulletin

Health Net allegedly falsified certifications for TRICARE, the health benefits program for military personnel.

Misuse of the vulnerable $where operator can allow arbitrary code to be executed on a Node.js application server.

A recent IBM study found that 83% of companies will experience a data breach, with incidents in 2023 costing an average of $4.45 million.

Founded in 2020, SafeBase helps organizations streamline security questionnaires using artificial intelligence trained on security documentation.

The initiative comes as enterprises rapidly adopt AI-driven applications, with F5’s research showing that 75% of organizations are already deploying AI-based solutions.

The collaboration seeks to address gaps between cloud infrastructure and application security, allowing organizations to gain improved visibility.

Organizations typically use multiple security tools, resulting in inefficiencies and high costs, according to the company.

Alexander Vinnik was the operator of BTC-e, a now-defunct cryptocurrency exchange linked to laundering $4 billion in illicit funds.

The group, led by Rep. John Joyce, R-Pa, aims to create a national privacy standard to protect consumer rights and maintain US leadership in digital technology, including artificial intelligence.

One of 2024's most active ransomware outfits has been asleep through early 2025, thanks to reality-show-style, behind-the-scenes drama.

In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access.