SonicWall urges admins to patch critical RCE flaw in SMA 100 devices
SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution.
Microsoft: SharePoint servers also targeted in ransomware attacks
A Chinese hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain.
Brave blocks Windows Recall from screenshotting your browsing activity
Brave Software says its privacy-focused browser will block Microsoft's Windows Recall from capturing screenshots of Brave windows by default to protect users' privacy.
Trump AI plan calls for cybersecurity assessments, threat info-sharing
It remains unclear how federal agencies depleted by layoffs will be able to implement the strategyâs ambitious vision, which includes an ISAC dedicated to AI.
Proton launches privacy-respecting encrypted AI assistant Lumo
Proton has launched a new tool called Lumo, offering a privacy-first AI assistant that does not log user conversations and doesn't use their prompts for training.
Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit
Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee's password for a hacker without first verifying their identity.
Russia turns to Kyrgyzstanâs booming crypto sector to evade sanctions, researchers say
According to a new report by blockchain intelligence firm TRM Labs, Kyrgyz-registered exchanges have repeatedly been used by sanctioned Russian entities.
US nuclear weapons agency hacked in Microsoft SharePoint attacks
Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain.
NPM package âisâ with 2.8M weekly downloads infected devs with malware
The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices.
Cisco network access security platform vulnerabilities under active exploitation | CyberScoop
The software defects, which have a maximum-severity rating, do not require authentication and allow remote attackers to execute code arbitrarily on the underlying system.
Authorities in Ukraine nab alleged admin of Russian-language cybercrime forum | CyberScoop
Officials accuse the unnamed suspect of running XSS.is, a key and long-running marketplace with more than 50,000 registered users. The suspect allegedly made more than $8.2 million.