For individuals

CVE-2024-0402, CVSS score 9.9, may affect more than 4,800 unpatched GitLab servers.

Here are three ways to simplify the team’s cloud security strategy.

Both China-backed APTs and ordinary cyberattackers have seized on a pair of Ivanti VPN bugs for global exploitation.

Ukraine's Coordination Headquarters for the Treatment of Prisoners of War had its website subjected to a distributed denial-of-service attack during the weekend, from which it has since recovered from, reports The Record, a news site by cybersecurity firm Recorded Future.

A monitoring exercise identified user details in 716 compromised RIPE NCC accounts, plus other valuable credentials belonging to those victims.

Mandiant and CISA say security teams should prioritize the bugs as Ivanti released patches Jan. 31.

BleepingComputer reports that nearly 45,000 internet-exposed Jenkins open-source automation servers around the world could be compromised in attacks leveraging the critical remote code execution vulnerability, tracked as CVE-2024-23897, which has already been addressed in updates issued last week.

Over 1.5M hit by Keenan & Associates breach California-based insurance consulting and brokerage company Keenan & Associates had data from more than 1.5 million of its customers and employees compromised following a cyberattack in August, according to BleepingComputer.

StateScoop reports that almost 6,000 individuals had their data stolen following the November ransomware attack against the City of Huber Heights in Ohio, which resulted in the disruption of various city systems.

Threat operation CYBOCREW and its affiliate UNIT8200 have been peddling a stolen database including personal and sensitive information of more than 750 million Indian mobile network subscribers, or almost half of the country's population, according to Hackread.