Aerospace and defense giant General Dynamics says threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its personnel. The unauthorized activity was discovered on October 10, after the attackers had accessed and made changes to the employee benefits accounts through a login portal hosted by a third party. According to […]

The notorious Cl0p ransomware group will soon name more than 60 organizations that were hacked recently through the exploitation of vulnerabilities in file transfer products from enterprise software developer Cleo. Cl0p took credit for the Cleo attacks in mid-December, telling SecurityWeek at the time that they had hit “quite a lot” of targets as part […]

Japan Airlines said it was hit by a cyberattack Thursday, causing delays to more than 20 domestic flights but the carrier said it was able to stop the onslaught and restore its systems hours later. There was no impact on flight safety, it said. JAL said the problem started Thursday morning when the company’s network […]

The Federal Bureau of Investigation (FBI) is publicly blaming North Korean government hackers for a $308 million cryptocurrency heist from Bitcoin.DMM.com earlier this year. A brief statement from the FBI said it worked with Japan’s National Police Agency (NPA) to trace the theft of 4,502.9 BTC to “TraderTraitor,” a known Pyongyang hacking team that targets […]

American Addiction Centers is notifying more than 422,000 people that their personal information was stolen in a recent data breach. The Brentwood, Tennessee-based organization provides inpatient and outpatient substance abuse treatment services through a network of rehabilitation facilities across multiple states. It employs over 2,700 people. The incident was identified on September 26, but the […]

The 2025 National Defense Authorization Act (NDAA), signed into law by President Biden on Monday, authorizes several cyber-related initiatives, including funding for the FCC’s Rip-and-Replace program. Over the past several years the US has been working on removing China-made equipment from telecommunications networks due to the cyber and national security threats posed by such devices.  […]

Adobe on Monday warned that proof-of-concept (PoC) code exists for a fresh ColdFusion vulnerability. Tracked as CVE-2024-53961 (CVSS score of 7.4), the security defect is described as a path traversal issue leading to arbitrary file system read if the ‘pmtagent’ package is installed on the ColdFusion server. “An attacker could exploit this vulnerability to access files […]

Shadow IT is a fairly well-known problem in the cybersecurity industry. It’s where employees use unsanctioned systems and software as a workaround to bypass official IT processes and restrictions. Similarly, with AI tools popping up for virtually every business use case or function, employees are increasingly using unsanctioned or unauthorized AI tools and applications without […]

Ascension Health is notifying roughly 5.6 million individuals that their personal, medical, and payment information was compromised in a ransomware attack in May 2024. The incident occurred on May 8 and resulted in service disruptions that prompted hospitals around the country to revert to downtime procedures and divert emergency medical services. The healthcare giant was […]

Sophos has announced patches for a critical-severity vulnerability in its firewall products that could allow remote attackers to execute arbitrary code without authentication. Tracked as CVE-2024-12727 (CVSS score of 9.8), the issue is described as an SQL injection bug affecting the email protection feature. The flaw enables attackers to access the reporting database of the […]