Dan McInerney, currently lead AI threat researcher at Protect AI, came late to tech hacking. He was a 22-years old psychology grad when he started. His journey, however, provides new insights into the creation and motivation of a hacker. Most hackers define themselves as someone driven by curiosity to understand how an object – it […]

The information of more than 760,000 employees of several major organizations emerged online on Monday morning after a threat actor dumped it on a popular hacking forum. The data apparently originates from last year’s massive MOVEit hack, in which a zero-day vulnerability in Progress Software’s file transfer software was used to steal sensitive information from […]

Nearly $1.49 billion in cryptocurrency losses have been registered to date in 2024, mainly due to hacking incidents, a new report from web3 bug bounty platform Immunefi shows. The total year-to-date losses have dropped compared to last year, when they surpassed $1.75 billion during the period, and were mainly driven by losses of over $359 […]

Energy sector contractor ENGlobal Corporation on Monday announced that some of its operations have been affected by a ransomware attack. In a regulatory filing with the US Securities and Exchange Commission, the company revealed that it discovered the attack on November 25 and took certain systems offline to contain the incident. “The preliminary investigation has […]

Cisco on Monday updated an advisory covering a decade-old vulnerability to warn customers about in-the-wild exploitation.  The vulnerability is tracked as CVE-2014-2120 and it has been described as a medium-severity cross-site scripting (XSS) vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) products. According to the networking giant, an unauthenticated, remote attacker […]

AWS on Sunday announced a new service that provides organizations with quick and effective security incident management capabilities. The new Security Incident Response, AWS says, relies on automation to triage and analyze security signals from Amazon GuardDuty and integrated third-party detection solutions through the AWS Security Hub cloud security posture management service. With Security Incident […]

The discovery of a prototype UEFI bootkit targeting specific Ubuntu Linux setups has deepened with revelations linking its creation to a South Korean university project and the integration of a LogoFAIL exploit to bypass Secure Boot verifications. According to SecurityWeek sources, Bootkitty is a research project from South Korea’s BoB (“Best of the Best”) academic […]

Forty-nine cybersecurity-related merger and acquisition (M&A) deals were announced in November 2024. This was a record month for 2024 in terms of M&A deals.  An analysis conducted by SecurityWeek shows that 178 cybersecurity M&A deals were announced in the first half of 2024, representing the least busy half year since SecurityWeek started tracking M&A deals […]

Zabbix has warned of a critical-severity vulnerability in its open source enterprise networking monitoring solution that could allow attackers to inject arbitrary SQL queries and compromise data or the system. Tracked as CVE-2024-42327 (CVSS score of 9.9), the security defect exists in a function that is available to any user with a role that has […]

Two National Health Service (NHS) hospitals in the UK disclosed cyberattacks last week, and at least one of the attacks was conducted by a ransomware group. Alder Hey Children’s Hospital said it was investigating claims that its systems may have been breached and that patient records and other information was stolen. “We are aware that […]