🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Ivanti has released fixes for dozens of vulnerabilities in Endpoint Manager, Avalanche, Connect Secure, Policy Secure, and Secure Access Client. securityweek.com/ivanti-patches…

Intel and AMD have published November 2024 Patch Tuesday security advisories to inform customers about vulnerabilities found recently in their products. securityweek.com/chipmaker-patc…

Join our CISO Forum breakout session as ProcessUnity’s Sophia Corsetti presents, “Data-First TPRM: Revolutionize Third-Party Assessments with an Exchange” - virtual.cisoforum.com/en/hall

Exploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices. securityweek.com/unpatched-flaw…

NIST says all known exploited CVEs have been addressed, but admitted that clearing the entire NVD backlog by October was optimistic. securityweek.com/nist-explains-…

The exploit for CVE-2024-43451 , a new zero-day vulnerability in Windows, is executed by deleting files, drag-and-dropping them, or right clicking on them. securityweek.com/windows-zero-d…

Robert Purbeck was sentenced to 10 years in prison for stealing the personal information of over 132,000 people. securityweek.com/idaho-man-sent…

CISA and the FBI have confirmed that Chinese hackers compromised the networks of telecommunications companies to spy on specific targets. securityweek.com/cisa-fbi-confi…

Two Nigerian nationals, one in Mexico and one in North Dakota, have been charged for hacking into the systems of US tax preparation companies. securityweek.com/two-men-charge…

Cyber risk management solutions provider Bitsight is acquiring threat intelligence firm Cybersixgill for $115 million. securityweek.com/bitsight-to-ac…

Iran-linked Charming Kitten hackers have been running a ‘dream job’ campaign targeting the aerospace industry with the SnailResin malware. securityweek.com/iranian-hacker…

The Chinese APT behind the LightSpy iOS backdoor has expanded its toolset with DeepData, a modular Windows-based surveillance framework. securityweek.com/lightspy-ios-s…

Palo Alto Networks has confirmed that a zero-day is being exploited in attacks after investigating claims of a firewall remote code execution flaw. securityweek.com/palo-alto-netw…

Over 4 million WordPress websites were impacted by a critical Really Simple Security plugin vulnerability providing full administrative access. securityweek.com/critical-plugi…

CISA has added two more Palo Alto Networks Expedition flaws, CVE-2024-9463 and CVE-2024-9465, to its KEV catalog. securityweek.com/cisa-warns-of-…

Threat actors have hijacked over 70,000 domains, including known brands and government entities, because of failed domain ownership verification. securityweek.com/known-brand-go…

Noteworthy stories that might have slipped under the radar: TSA proposes new cyber rules for pipelines and railroads, Google adds scam call detection to Android, SIM swappers arrested in US. securityweek.com/in-other-news-…

The Glove Stealer malware leverages a recently disclosed App-Bound encryption bypass method in attacks against browsers. securityweek.com/glove-stealer-…

SurePath AI has raised $5.2 million in seed funding for a solution that helps enterprises securely use generative AI. securityweek.com/surepath-ai-ra…