Critical TE.0 HTTP Request Smuggling Vulnerability Impacts Thousands of Google Cloud-hosted Websites
This new class of HTTP Request Smuggling vulnerabilities poses a significant risk to thousands of websites, including those protected by Google’s Load Balancer and Identity-Aware Proxy (IAP).
A critical vulnerability (CVE-2024-36991) in Splunk Enterprise on Windows is considered more severe than initially thought, allowing attackers to grab passwords. Various proof-of-concept exploits have been published.
Operation Spincaster, involving law enforcement and government agencies across six countries, as well as 17 cryptocurrency exchanges, has identified 7,000 leads and $162 million in losses.
Targets of TAG-100’s attacks include intergovernmental and diplomatic entities in the Asia-Pacific region, religious organizations in the U.S. and Taiwan, as well as a political party supporting an investigation into the Chinese government.
Cisco has addressed a critical vulnerability that allows attackers to add new users with root privileges and crash Security Email Gateway (SEG) appliances by sending emails with malicious attachments.
The vulnerabilities (CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470) were all rated with severity scores of 9.6/10 and posed risks of unauthorized actions and information disclosure.
With over 150 organizations in 25 countries affected, Qilin’s sophisticated tactics include exploiting vulnerabilities, using tools like Mimikatz for privilege escalation, and evading defenses by deleting logs and using PowerShell commands.
The scam involves deepfake videos of Elon Musk promising insights into the attack and encouraging viewers to participate in a cryptocurrency giveaway by scanning a QR code in the video.
A recent poll of tech managers, published in CrowdStrike’s 2024 State of Application Security Report, revealed that cybersecurity workers review major updates to software applications only 54% of the time.
UnitedHealth is expected to spend over $2.3 billion this year to recover from a cyberattack on its subsidiary Change Healthcare, which is significantly higher than initial estimates.