Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble
Netherlands-based cybersecurity firm Eye Security told Reuters and Bloomberg that hackers have successfully breached at least 400 governments and businesses around the world.
Mitel warns of critical MiVoice MX-ONE authentication bypass flaw
Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform.
Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2.
Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the database utilizes optimistic locking for concurrent operation.
The vulnerabilities mentioned in this blog post have been patched by the vendor, all in adherence to Cisco’s third-party vulnerability
Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index.
How GenAI Is Reshaping GRC | Agentic Risk Intelligence | CSA
As companies feel mounting pressure to document cybersecurity controls & demonstrate risk maturity, we are witnessing the latest GRC wave—the AI revolution.
FBI: Thousands of people involved in 'The Com' targeting victims with ransomware, swatting
The agency released three bulletins about the group — which is composed primarily of English-speaking minors who focus on attacks like ransomware, swatting and DDoS.
How Solid Protocol Restores Digital Agency - Schneier on Security
The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you’ve never heard of. These entities collect, store, and trade your data, often without your knowledge or consent. It’s both redundant and inconsistent. You have hundreds, maybe thousands, of fragmented digital profiles that often contain contradictory or logically impossible information. Each serves its own purpose, yet there is no central override and control to serve you—as the identity owner...
Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.