New details have emerged about a patched vulnerability in Microsoft 365 Copilot that could lead to the theft of sensitive user information through a technique known as ASCII smuggling.

According to AppOmni, one-third of organizations experienced SaaS data breaches last year due to a lack of visibility and control, as revealed by a survey of 644 enterprises globally.

SonicWall has addressed a critical vulnerability (CVE-2024-40766) in its next-gen firewalls, which could be exploited by remote attackers to gain unauthorized access and potentially crash the devices.

Diversifying suppliers and systems can help minimize risks, as shown by corporations that purchase networking equipment from multiple vendors to prevent total network failure in case of vendor issues.

Researchers found that attackers are leveraging PythonAnywhere cloud platform to host and distribute malicious files using Razr ransomware discreetly. The ransomware generates a unique machine ID, encryption key, and IV to begin operations.

The project is led by Ukrainian cyber entrepreneur Yehor Aushev and is unique in that it is free and open to a wide range of citizens, including students, researchers, and state officials.

NASA’s IV&V Facility is expanding its cybersecurity services to enhance the safety of its missions. This initiative includes incorporating cybersecurity assessments into their traditional roles of software examination.

Nuclei is an open-source vulnerability scanner known for its speed and customizable YAML-based templates. It offers flexibility in security checks by allowing customization of templates to send requests to multiple targets.

The Dutch Data Protection Authority (AP) announced the €290m ($324m) fine yesterday, claiming that it stems from the same concerns that have led to years-long legal wranglings between the EU and US.

Cybercriminals are sending malicious SMS messages demanding payment for non-existent charges across Illinois, Florida, North Carolina, and Washington. These scams imitate state authorities and provide links to fake payment websites to steal data.