Interpol arrested 1,006 suspects in Africa during a massive two-month operation, clamping down on cybercrime that left tens of thousands of victims, including some who were trafficked, and produced millions in financial damages, the global police organization said Tuesday. Operation Serengeti, a joint operation with Afripol, the African Union’s police agency, ran from Sept. 2 […]
Virtualization software vendor VMware on Tuesday released a high-severity bulletin with patches for at least five security defects in its Aria Operations product. The company documented five distinct vulnerabilities in the cloud IT operations platform and warned that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks. Here are the details […]
IBM on Monday announced patches for multiple vulnerabilities across its products, including two high-severity remote code execution (RCE) issues in Data Virtualization Manager and Security SOAR. Tracked as CVE-2024-52899 (CVSS score of 8.5), the flaw in Data Virtualization Manager for z/OS could allow a remote, authenticated attacker to inject malicious JDBC URL parameters, which could […]
The US cybersecurity agency CISA on Monday warned of the in-the-wild exploitation of a critical-severity vulnerability in Array Networks’ Array AG and vxAG secure access gateway products. The issue, tracked as CVE-2023-28461 (CVSS score of 9.8), is described as a remote code execution (RCE) flaw that “allows an attacker to browse the filesystem or execute […]
Auto insurance companies Geico and Travelers were fined $11 million in New York over data breaches that impacted the personal information of over 120,000 individuals. The insurance quoting tools of Government Employees Insurance Company (Geico) were targeted in several cyberattacks starting November 2020, leading to the compromise of a public-facing website’s backend and the theft […]
Two critical vulnerabilities in CleanTalk’s anti-spam plugin for WordPress could allow attackers to execute arbitrary code remotely, without authentication, Defiant warns. The issues, tracked as CVE-2024-10542 and CVE-2024-10781 (CVSS score of 9.8), affect the ‘Spam protection, Anti-Spam, FireWall by CleanTalk’ plugin, which has more than 200,000 active installations. Both flaws could allow remote, unauthenticated attackers […]
A ransomware attack on supply chain management software provider Blue Yonder has caused significant disruptions for some of the company’s customers, including several major firms. Arizona-based Blue Yonder revealed on November 21 that its managed services hosted environment had been experiencing disruptions due to a ransomware attack. The company immediately launched an investigation and started […]
Zyxel has issued a fresh warning on threat actors exploiting a recently patched command injection vulnerability in its firewalls after security firms have observed a ransomware group targeting the flaw for initial compromise. The bug, tracked as CVE-2024-42057, could allow remote attackers to execute OS commands on vulnerable devices, without authentication. Zyxel announced patches for […]
The myPRO product of Czech industrial automation company mySCADA is affected by several critical vulnerabilities, including ones that can allow a remote, unauthenticated attacker to take complete control of the targeted system. myPRO is a human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system designed for visualizing and controlling industrial processes. The product […]
Cybersecurity firm Halcyon has closed a $100 million Series C funding round to fuel growth and support its mission to combat ransomware. This latest funding round brings the total amount raised by the Austin, Texas-based company to $190 million, including a $50 million Series A in April 2023 and a $40 million Series B in December […]