Russian spies hacked UK government systems earlier this year, stealing data and emails in a nation-state attack. The breach targeted the Home Office’s systems, which had not been previously reported.

An issue with Microsoft’s Entra ID identity and access management service could allow a hacker with admin-level access to gain global administrator privileges within an organization’s cloud environment.

Copilot is an AI-based chatbot used by enterprises to streamline tasks, but it can also be manipulated by attackers to steal data and conduct phishing scams without leaving a trace.

The U.S. State Department has offered a $10 million reward for information on six Iranian government hackers who allegedly targeted U.S. water utilities last fall. These individuals were previously sanctioned for targeting critical infrastructure.

The number of incidents affecting GitHub, Bitbucket, GitLab, and Jira is on the rise, leading to outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and data loss for DevSecOps teams, according to GitProtect.io.

According to a report by Rapid7, a total of 21 new or rebranded groups have emerged since January 2024, alongside existing groups like LockBit, which has survived law enforcement crackdowns.

The $27 million in costs included insurance recoveries, investigation and remediation costs, customer notifications, legal fees, and settlement costs for a class-action lawsuit.

The vulnerabilities were promptly patched by AWS after being reported by Aqua Security researchers. These flaws in services like CloudFormation, CodeStar, and Service Catalog could potentially lead to a full account takeover if exploited.

CISA has released a guide to enhance how organizations evaluate software manufacturers’ security practices, emphasizing product security over enterprise security measures for defending against cyber threats.

Threat actors are actively exploiting a critical remote code execution vulnerability in Progress WhatsUp Gold 23.1.2 and older versions, identified as CVE-2024-4885 with a CVSS v3 score of 9.8.