Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
The Iran-linked APT actor MuddyWater has been observed performing an intrusion masquerading as a ransomware attack, Rapid7 reports. As part of the intrusion observed in…
Category: SecurityWeek
Autonomous Offensive Security Firm XBOW Raises $35 Million
Autonomous offensive security firm XBOW on Wednesday announced raising $35 million in an extension of the Series C funding round announced earlier this year. The…
Herd Security Raises $3 Million for AI-Powered Training Platform
Herd Security today announced raising $3 million in a funding round led by Aspiron Ventures, with additional support from ForwardSlash VC, Forum Ventures, Rightside Capital,…
Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack
Government, scientific, manufacturing, and retail organizations have been targeted with a sophisticated backdoor in an ongoing supply chain attack involving the Daemon Tools disk imaging…
Critical Remote Code Execution Vulnerability Patched in Android
Google announced on Monday the release of an Android update patching a critical vulnerability that can be exploited for remote code execution. The flaw, tracked…
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
Roughly 300,000 Ollama deployments are prone to sensitive information theft through a remotely exploitable, unauthenticated critical vulnerability, Cyera warns. Ollama is an open source solution…
Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
Microsoft has warned organizations in the United States about a sophisticated phishing campaign that uses a “code of conduct review” theme to lure victims to…
Hacker Conversations: Joey Melo on Hacking AI
Joey Melo’s personal approach to hacking is less about deconstructing an original and then reconstructing it for a different purpose, and more about controlling the…
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
Threat actors have separately started exploiting two critical-severity vulnerabilities in MetInfo and Weaver E-cology that allow them to execute arbitrary code remotely, without authentication. MetInfo…
DigiCert Revokes Certificates After Support Portal Hack
DigiCert last week announced that certificates fraudulently obtained from its internal support portal after a cyberattack were revoked. The attack, the company said in a…
Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks
Cisco on Monday announced its intent to acquire Astrix Security, a startup focused on securing non-human identities (NHIs) such as API keys, service accounts, and OAuth tokens…
Trellix Source Code Repository Breached
Cybersecurity company Trellix says a part of its source code repository was recently breached, but shared little other information about the incident. Trellix said it…