Security Bulletin

Russia's APT29 is going after a critical RCE flaw in the JetBrains TeamCity software developer platform, prompting governments worldwide to issue an urgent warning to patch.

In a bid to avert another breach similar to the hack of several U.S. government email accounts by Chinese advanced persistent threat operation Storm-0558 using a compromised Microsoft signing key, the Cybersecurity and Infrastructure Security Agency...

More than 92% of internet-exposed instances of the pfSense open-source firewall and router software could be compromised to achieve remote code execution by chaining the reflective XSS vulnerabilities, tracked as CVE-2023-42325 and CVE-2023-42327, as...

Sony-owned video game developer Insomniac Games had its systems claimed to be hacked by the Rhysida ransomware gang, reports Cyber Daily.

CBS News reports that New York-based health providers HealthAlliance Hospital, Margaretville Hospital, and Mountainside Residential Care Center, which are under the Westchester Medical Center Health Network, had their patients' data compromised in an...

Bankrupt Bitcoin ATM firm Coin Cloud had its systems claimed to be hacked by unknown threat actors last month but questions remain about the true nature of the intrusion, according to TechCrunch.

Ukraine takes credit for Russian tax authority hack Russia's Federal Taxation Service, or FNS, had its central and regional servers infiltrated in a cyberattack admitted to be conducted by Ukraine's Defense Intelligence service, BleepingComputer...

Significant internet and network disruptions have been experienced across Ukraine following a major cyberattack against the country's largest telecommunications firm Kyivstar, according to The Record, a news site by cybersecurity firm Record Future.

Organizations across at least 13 countries, including Ukraine, Australia, Italy, and Saudi Arabia, have been subjected to a new cyberespionage campaign by Russian state-backed threat group APT28 also known as Fancy Bear, Forest Blizzard, ITG05...

Experts say leadership needed now more than ever, as Coker aims to strengthen public-private partnerships.

EMB3D, like ATT&CK and CWE, seeks to provide a common understanding of cyber-threats to embedded devices and of the security mechanisms for addressing them.

Microsoft researchers say threat actors abused OAuth to deploy VMs for cryptomining, establish persistence following BEC attacks, and launch spamming activity.