Vulnerability Management: Attacks on Ivanti appliances demonstrate danger of chained exploits
Shaun Nichols, January 24, 2025
CISA warned that attackers are chaining a number of CVE-listed vulnerabilities into a single exploit script.

Phishing: Reddit, WeTransfer pages spoofed in Lumma Stealer campaign
Laura French, January 24, 2025
Nearly 1,000 imitation pages were discovered, targeting users looking for other software.

Vulnerability Management: QNAP patches six Rsync bugs that could lead to RCEs on NAS devices
Steve Zurier, January 24, 2025
Small and midsize companies tend not to check for NAS updates, so customers advised to patch right away.

Governance, Risk and Compliance: New York fines PayPal $2 million for shoddy security practices
Shaun Nichols, January 23, 2025
Settlement stems from 2022 data breach that saw some customer Social Security numbers exposed to threat actors.

AI/ML: GhostGPT offers AI coding, phishing assistance for cybercriminals
Laura French, January 23, 2025
The “uncensored” GenAI tool was advertised on cybercrime forums with a focus on BEC scams.

Vulnerability Management: SonicWall fixes bug rated 9.8 in mobile management appliance
Steve Zurier, January 23, 2025
Customers should patch immediately as the bug has already been exploited in the wild.

Vulnerability Management: High-severity flaw in file archiver 7-Zip requires manual update
Laura French, January 22, 2025
The vulnerability could enable attackers to use nested archives to bypass Windows security warnings.

Vulnerability Management: Fake Homebrew site leverages Google ads to target macOS, Linux devices
Steve Zurier, January 22, 2025
Attackers drop infostealer malware that grabs credentials, web browser data, and crypto wallets.

AI/ML: Trump repeals 2023 Biden administration executive order on AI
Laura French, January 21, 2025
The reversal removes certain reporting requirements for developers of powerful foundation models.

Data Security: Ex-CIA intelligence analyst charged for stealing, sharing secrets
Shaun Nichols, January 21, 2025
Virginia man faces up to 10 years in prison for two counts of willful retention and transmission of classified information.