Vulnerability Management | Fortra FileCatalyst RCE bug disclosed; full PoC exploit available | Laura French | March 18, 2024 | First patched in August, the critical vulnerability enables unauthenticated web shell deployment.
Application security | Fake Google Docs on Google Sites launch AZORult infostealer campaign | Steve Zurier | March 18, 2024 | Azorult infostealer aims to steal user credentials and credit card information via HTML smuggling.
Network Security | Update delays to NIST vulnerability database alarms researchers | Simon Hendery | March 18, 2024 | Crucial enrichment data is not being added to NVD entries as NIST works through a “transition” process.
Ransomware | STOP ransomware, more common than LockBit, gains stealthier variant | Laura French | March 15, 2024 | The variant performs 65 million data copies as a delay tactic and employs dynamic API resolution.
Cloud Security | Microsoft reminds DevOps teams that unified domain goes live in June | Steve Zurier | March 15, 2024 | Dev teams need to prepare so they can make an orderly transition to "teams.cloud.microsoft."
AI/ML | EU AI Act: Cyber pros sound off on rules for ‘high-risk’ AI, deepfakes | Laura French | March 14, 2024 | The regulations will likely have a global impact and influence as AI tech rapidly evolves, experts say.
Application security | Akamai offers POC and Open Policy Agent to block Kubernetes bug | Steve Zurier | March 14, 2024 | Vulnerability allows remote code execution with System privileges on all Windows endpoints within a Kubernetes cluster.
Ransomware | HHS investigating ‘unprecedented’ Change Healthcare ransomware attack | Simon Hendery | March 14, 2024 | The probe will establish whether HIPAA privacy, security and breach notification met compliance rules.
Identity | RedLine malware top credential stealer of last 6 months | Stephen Weigand | March 14, 2024 | RedLine was used to steal over 170 million passwords in the last six months, or nearly half of all stolen passwords.
Application security | ChatGPT 0-click plugin exploit risked leak of private GitHub repos | Laura French | March 13, 2024 | Other flaws could leak ChatGPT conversations and third-party account details, researchers found.