The Taiwanese vendor QNAP has released security updates to fix eight vulnerabilities, including XSS and command injection bugs, that could be exploited by attackers to over unpatched NAS devices.

Forescout Technologies disclosed 33 new vulnerabilities, including four remote code execution flaws, in four different open-source TCP/IP stacks used by major IoT, OT, and IT device vendors.

A large-scale phishing campaign is targeting 200 million Microsoft 365 users around the world, particularly within the financial services, healthcare, insurance, manufacturing, utilities, and telecom sectors.

Dragos, a Maryland-based industrial cybersecurity company, it raised $110 million, the latest sign that investors are pouring money into securing the critical infrastructure.

This year’s annual defense policy bill, known as the National Defense Authorization Act (NDAA), is loaded with provisions that would reshape the federal bureaucracy on cybersecurity.

Cisco has released security updates to address multiple pre-authentication bugs with public exploits affecting Cisco Security Manager that could allow for RCE attack after successful exploitation.

A phishing scheme discovered by Abnormal Security involved an email impersonating a vendor to bypass the victim’s Proofpoint gateway and set up a trap to steal Office 365 credentials.

With the promise of a widely available COVID-19 vaccine on the horizon, Europol, the European Union’s law-enforcement agency, has issued a warning about the rise of vaccine-related Dark Web activity.

The Middle East region is facing a “cyber pandemic” with COVID-19 related attacks skyrocketing this year, according to the United Arab Emirates government’s top cyber security chief.

Google has set up a new site to track cross-site leaks, warning that these types of flaws are being used by some sites to steal information about the user or their data in other web applications.