Security Bulletin

Threat actors actively exploited 97 zero-day vulnerabilities last year, which is more than 50% higher than in 2022 but lower than in 2021, reports BleepingComputer.

Potential cyberattacks facilitated by covertly installed browser extensions could have been deployed with the exploitation of an already addressed medium-severity privilege escalation vulnerability in Microsoft Edge, according to The Hacker News.

CNBC reports that UnitedHealth Group has already provided more than $3.3 billion in advanced payments to U.S. healthcare providers that experienced financial disruptions following the far-reaching ransomware attack against its payment processor...

Major Turkish car rental service provider Rent Go had data from more than 161,000 customers exposed due to an unsecured Azure Blob Storage instance, reports Cybernews.

India had several of its government agencies and energy industry organizations subjected to cyberespionage attacks delivering the HackBrowserData information-stealing malware as part of the new Operation FlightNight campaign identified earlier this...

BleepingComputer reports that Scotland's National Health Service has been threatened by the INC Ransom extortion operation to expose 3 TB of data stolen from an attack this month.

Threat actors have launched a new phishing campaign using fraudulent bank payment notifications to facilitate the deployment of the Agent Tesla information-stealing and keylogging malware, The Hacker News reports.

The Cybersecurity and Infrastructure Security Agency has unveiled a draft cyber incident disclosure rule created under the Cyber Incident Reporting for Critical Infrastructure Act that would mandate organizations part of the 16 designated critical...

Attackers trigger hundreds of password reset prompts in an attempt to take over iCloud accounts.

CISA encouraged security teams handling industrial control systems to review and mitigate the Rockwell Automation bugs.

A certification for zero-trust could work much like it does for IoT products, offering a standard so buyers know new zero-trust products are secure.