Analysis found that 99% of healthcare organizations are vulnerable to publicly available exploits. The post Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware appeared first on SecurityWeek.

Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers. The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Key members of Hellcat ransomware group identified, controversy around CrushFTP flaw CVE, NYU website hacked and defaced. The post In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked appeared first on SecurityWeek.

HTTPS certificate issuance now requires Multi-Perspective Issuance Corroboration and linting to improve validation. The post New Issuance Requirements Improve HTTPS Certificate Validation appeared first on SecurityWeek.

A threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages. The post Morphing Meerkat Phishing Kits Target Over 100 Brands appeared first on SecurityWeek.

The Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe. The post Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe appeared first on SecurityWeek.

Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day. The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek.

Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App. The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek.

Russian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign. The post Russian Espionage Group Using Ransomware in Attacks appeared first on SecurityWeek.

The UK ICO has fined Advanced Computer Software Group £3 million ($3.8 million) over a 2022 data breach resulting from a ransomware attack. The post UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach  appeared first on SecurityWeek.