The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the CVE-2023-29360 Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog, which allows attackers to gain SYSTEM privileges.

The UK Department for Science, Innovation and Technology (DSIT) has revealed what its future Cybersecurity Governance Code of Practice will look like and the five principals it will include.

A sophisticated phishing kit with novel tactics targets cryptocurrency platforms and the FCC through a combination of email, SMS, and voice phishing, successfully stealing high-quality data from mobile device users in the United States.

The stolen data may include a wide range of personal information such as Social Security numbers, financial account details, medical information, and usernames and passwords.

The Phobos ransomware strain, distributed through ransomware-as-a-service, has targeted a wide range of organizations, including governments, healthcare, education, and critical infrastructure sectors.

The latest variant of BIFROSE masquerades as VMware by reaching out to a deceptive domain. There has been a spike in BIFROSE activity since October 2023, and a new Arm version of the malware has been discovered.

The critical vulnerability in Facebook’s password reset process involved a rate-limiting issue in a specific endpoint, which could be exploited to brute-force a nonce and gain access to a user’s account.

An exposed database belonging to YX International leaked sensitive data including one-time security codes for major tech and online companies like Facebook, Google, and TikTok.

The breached data included names, Social Security numbers, financial account information, and medical information. An unauthorized third party accessed the firm’s network, leading to a data breach.

The Department of Foreign Affairs in Ireland has found no evidence to support the claim of a cyber extortion group called Mogilevich that it stole data from their IT systems.