North Korean hackers stole approximately $660 million in cryptocurrency in 2024, the US, Japan, and South Korea said in a joint statement on Tuesday. Warning the blockchain technology industry of the threat posed by the North Korean hacking groups, the statement reiterates that the stolen funds are used to fuel Pyongyang’s “unlawful weapons of mass […]

Ivanti on Tuesday announced patches for multiple critical- and high-severity vulnerabilities in Avalanche, Application Control Engine, and Endpoint Manager (EPM). The most severe of the resolved flaws are four absolute path traversal issues in Ivanti EPM that could allow remote, unauthenticated attackers to leak sensitive information. Tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159 (CVSS score […]

Fortinet on Tuesday published over a dozen new advisories describing critical- and high-severity vulnerabilities found recently in the company’s products, including a zero-day flaw that has been exploited in the wild since at least November 2024.  The zero-day is tracked as CVE-2024-55591 and it has been described by Fortinet as a critical vulnerability affecting FortiOS […]

Schneider Electric, Siemens, Phoenix Contact and CISA have released ICS product security advisories on the January 2025 Patch Tuesday. Schneider Electric published nine new advisories this month. Six of them describe high-severity vulnerabilities affecting PowerLogic HDPM6000 High-Density Metering System (privilege escalation), RemoteConnect and SCADAPackTM x70 utilities (potential remote code execution), Modicon M340 and BMXNO communication […]

Software maker Adobe on Tuesday rolled out fixes for more than a dozen security defects in multiple products and warned that malicious hackers can exploit these bugs in remote code execution attacks. The company said the vulnerabilities affect Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and the Adobe Substance 3D Designer.  According […]

Microsoft’s struggles with zero-days have stretched into 2025 with fresh news of a trio of already-exploited vulnerabilities in the Windows Hyper-V platform. The software giant on Tuesday called urgent attention to three separate flaws in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and warned that malicious attackers are already launching privilege escalation […]

President Joe Biden on Tuesday signed an ambitious executive order on artificial intelligence that seeks to ensure the infrastructure needed for advanced AI operations, such as large-scale data centers and new clean power facilities, can be built quickly and at scale in the United States. The executive order directs federal agencies to accelerate large-scale AI […]

The UK government has introduced a consultation process (running until April 8, 2025) for a proposed ban on ransomware payments by the public sector, and by owners and operators of regulated critical national infrastructure (CNI). The ban on paying ransoms is coupled with more stringent reporting requirements. Organizations outside the ban, and legally able to […]

The World Economic Forum (WEF) Global Cybersecurity Outlook 2025 report examines the challenges and effects caused by an increasingly complex global cybersecurity landscape. The challenges primarily come from new technology, increasing criminal sophistication (both financially motivated and nation-affiliated groups), lengthening supply chains, geopolitical tensions, regulations, and the continuing skills gap. The primary effect is a […]

Cyber threat prevention solutions provider BforeAI on Tuesday announced raising $10 million in Series B funding. The latest funding, which brings the total raised by the company to more than $30 million, was led by Titanium Ventures, with participation from SYN Ventures, Karista, and Addendum Capital. BforeAI previously raised $15 million in a Series A […]