Security Bulletin

Francier Obando Pinillo faces 26 counts of fraud for running a scam on his Pasco, Washington, congregation.

According to the tech giant, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services.

Aviatrix Controllers are prime targets because they have high-level privileges in cloud environments.

The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.

Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar.

The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant's internal database.

By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.

Organizations are struggling to enforce security policies outside of traditional office environments, particularly concerning identity and access management, which is further complicated by the use of unsecured home networks and personal devices.

More robust identity and access management practices are crucial, especially as remote work environments often lack the security measures found in corporate settings.

Infiltration of the vendor's systems between October and November exposed not only individuals' names, ages, and addresses, but also photographs, medical cannabis cards, driver's license numbers, and passport numbers, said STIIIZY in a breach notice...

The communications industry logged the highest increase in CyHy enrollment between 2022 and 2024, followed by the emergency services, critical manufacturing, and water and wastewater sectors, the CISA report revealed.