A threat actor has already exploited one of the flaws in a ransomware campaign with victims in the US and other countries.

Healthcare and IT security practitioners worry some of the proposed amendments are not practical for a sector that lacks resources and often uses legacy equipment.

New cybersecurity startup Aurascape emerged from stealth today with an AI-native security platform to automate security policies for AI applications.

Artificial intelligence poses a significant concern when it comes to nation-state cyberthreats and AI’s ability to supercharge attacks.

Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. “An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker…

Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges,

Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist’s device in an attempt to install spyware.

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. “One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a

Say hello to great new features and enhancements in v21.5.

The malware’s creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise.