Security Bulletin

Several organizations, including those managing U.S. critical infrastructure, have been targeted by an AsyncRAT malware campaign during the past 11 months, BleepingComputer reports.

Increasingly sophisticated and prevalent cybersecurity and physical threats against the U.S. energy infrastructure have prompted the Energy Department to introduce the $70 million All-Hazards Energy Resilience grant program aimed at supporting...

SecurityWeek reports that Merck and its insurers have reached a settlement for a $1.4 billion insurance claim filed by the U.S. multinational pharmaceutical firm under its "all-risks" coverage for the destructive NotPetya cyberattack in 2017.

At least $600 million worth of cryptocurrency was stolen by North Korean state-sponsored threat operations in 2023, accounting for nearly one-third of all exfiltrated cryptocurrency assets last year, The Hacker News reports.

Cybernews reports that Iranian cryptocurrency exchange Bit24.cash had almost 230,000 of its users' sensitive information accidentally compromised after S3 buckets storing its Know Your Customer verification data became accessible due to a...

Officials at the City of Beckley in West Virginia have confirmed that the city's computer network has been impacted by a cyberattack, according to The Record, a news site by cybersecurity firm Recorded Future.

Dutch firms, sites targeted by Sea Turtle cyberespionage campaign Turkey-linked advanced persistent threat group Sea Turtle, also known as Teal Kurma, Cosmic Wolf, and Marbled Dust, has deployed island-hopping and supply chain attacks against the...

BleepingComputer reports that internet-exposed Apache RocketMQ servers vulnerable to the critical remote code execution flaws, tracked as CVE-2023-33246 and CVE-2023-37582 the latter of which stemmed from the incomplete fix of the former were...

Attacks with an updated iteration of the Bandook remote access trojan have been launched against Windows machines, reports The Hacker News.

Adversarial machine learning terms, types and mitigations outlined in the National Institute of Standards and Technology's 98-page paper.

Attackers can exploit the issue to access all data in Cacti database; and, it enables RCE when chained with a previous vulnerability.

An old state-aligned threat actor is back on the radar, thanks to recent EMEA espionage campaigns against a minority ethnic group.