SecurityWeek reports that Siemens has confirmed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall may be impacted by the actively exploited Palo Alto Networks firewall vulnerability, tracked as CVE-2024-3400.

Threat actors could potentially launch a software supply chain attack by exploiting a dependency confusion flaw impacting the archived Apache Cordova App Harness project, which had been discontinued five years ago, reports The Hacker News.

North Korean state-sponsored advanced persistent threat operations Lazarus Group, Kimsuky, and Andariel were noted by South Korea's National Police Agency to have targeted several South Korean defense industry entities since late 2022 in a bid to obtain intelligence regarding defense technologies, reports Security Affairs.

Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News.

Microsoft says the launcher application is unique to Russia’s APT28 threat group and can lead to remote code execution.

Increasingly prevalent cybersecurity risks have prompted Bitsight and Moody's Corp., to collaborate and develop the new Implied Cyber Threat service aimed at strengthening cyber risk management efforts, SiliconAngle reports.

Forty-nine of 55 requirements under the Biden administration's executive order aimed at bolstering federal IT systems' cybersecurity defenses were noted by the Government Accountability Office to have already been fulfilled by the Cybersecurity and Infrastructure Security Agency, the Office of Management and Budget, and the National Institute of Standards and Technology, reports FedScoop.