The lead investor in this round is One Peak, the U.K. later-stage firm focusing on enterprise tech. Previous backers Energy Impact Partners and Balderton Capital are also participating.

According to the indictment, between 2015 and 2024, the APT31 group, linked to China’s Ministry of State Security, targeted thousands of U.S. and Western politicians, foreign policy experts, academics, journalists, and democracy activists.

The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. The IT giant pointed out that the attacks are also targeting third-party VPN concentrators.

With thousands of packages available, the repository is an attractive target for threat actors, who often upload typosquatted or fake packages to compromise software developers and potential supply-chain attacks.

Harvard Pilgrim said the files involved may contain personal data and protected health information on current and former subscribers and dependents, as well as current contracted providers.

The vulnerabilities addressed by the updates impact several Ubuntu releases, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 23.10, Ubuntu 23.04, Ubuntu 18.04, and Ubuntu 16.04.

According to researcher Jeremiah Fowler, the server was affiliated with OTrack, also known as Optimum Pupil/Sonar Tracker, developed by Juniper Education. OTrack is utilized by over 7,000 primary and secondary schools across the United Kingdom.

The discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the leveraging of zero-day bugs overall, judging by Google’s latest research.

The Cybersecurity and Infrastructure Security Agency (CISA) posted the 447-page set of regulations under the Cyber Incident Reporting for Critical Infrastructure Act to the Federal Register, allowing the public to comment on it.

Breach notification letters sent to potentially impacted customers this week reveal that attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source.