The first, CVE-2023-45139, involved a high-severity bug in the FontTools library. The second and third vulnerabilities, CVE-2024-25081 and CVE-2024-25082, were related to naming conventions and compression.
The Tycoon and Storm-1575 threat groups use stealthy tactics, social engineering, and phishing techniques to bypass MFA protections and target Microsoft 365 credentials at large US school districts.
The GovQA platform, used by state and local governments for public records requests, had vulnerabilities that could have allowed hackers to access sensitive personal information, edit requests, and download unsecured files.
A new malware campaign was found targeting the Popup Builder WordPress plugin, exploiting a vulnerability disclosed in November 2023. The campaign injects malicious code into websites, leading to over 3,300 infections.
CISA Adds Apple iOS and iPadOS Memory Corruption Bugs to its Known Exploited Vulnerabilities Catalog
These memory corruption vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, were exploited in attacks against iPhone devices. Apple released emergency security updates to address these zero-day vulnerabilities.
More than 18,000 New Jersey law enforcement personnel are alleging that LexisNexis retaliated against them by freezing their credit and falsely reporting them as identity theft victims after they requested their information to remain private.
Adversaries can exploit AI-powered applications to manipulate information, create harmful content, and develop deep fake media, posing significant risks to organizations.
Investment in the right technology and IT partners has led to fewer SMBs experiencing cyberattacks, with 64% of MSPs reporting less than 10% of their SMB customers being hit, according to Kaseya.
Russian Influence Operations Against Baltic States and Poland Having ‘Significant Impact’ on Society
These campaigns aim to downplay the impact of Western sanctions on Russia’s economy, fuel confrontation among Western countries, and spread fear and panic among the targeted populations.
Google has released the Android March 2024 security patches, addressing a total of 38 vulnerabilities, including two critical issues. These vulnerabilities could lead to remote code execution and elevation of privilege for attackers.