Security Bulletin

Hijacked SEC account used to falsely announce Bitcoin ETF approval: everything you need to know.

Passwordless technology that simplifies online access and identity has captured plenty of interest, but it needs to be built first. Developer tools that help add passkeys into Web applications pave the way.

SiliconAngle reports that cybersecurity funding rounds and mergers and acquisitions totaled 437 in 2023, representing a 14% increase from 2022, but investments dropped by 40% to $8.7 billion.

Misconfigured Microsoft SQL database servers in the U.S., Latin America, and the European Union have been targeted by a Turkish hacking operation with Mimic ransomware, also known as N3ww4v3, as part of the RE#TURGENCE attack campaign, reports...

Numerous phishing attacks have been launched by the Water Curupira operation to deploy the PikaBot loader malware as part of campaigns that initially ran from early to mid-2023 before reemerging in September, The Hacker News reports.

Major Moscow internet service provider M9com was claimed to be compromised by pro-Ukrainian hacking operation Blackjack in retaliation for Russia's attack against Kyivstar, Ukraine's largest telecommunications firm, last month, according to The...

A fraudulent post was taken down in less than 20 minutes, but that didn't stop it from gaining over 1 million views in that short period of time.

Ransomware gang ALPHV/BlackCat has taken responsibility for compromising British defense and security firm Ultra's subsidiary Ultra Intelligence & Communications in an attack, which was claimed to have resulted in a 30 GB data theft, Cybernews...

New York-based Refuah Health Center has been compelled by state Attorney General Letitia James to allocate more than $1.2 million to strengthen its cybersecurity posture through more robust patient data security, multi-factor authentication, and semi...

Outlogic, the data broker previously known as X-Mode Social, has been prohibited by the Federal Trade Commission from engaging in the sale of Americans' geolocation data following the exposure of religious affiliations, medical visits, and more...

Kyocera Device Manager instances impacted by the already patched path traversal vulnerability, tracked as CVE-2023-50916, could be targeted by threat actors to facilitate further malicious activity, including unauthorized account access and data...

AI/ML libraries create much larger attack surfaces, and traditional IT security lacks several key capabilities for protecting them.