The US cybersecurity agency, CISA, has warned organizations about critical vulnerabilities found in a human-machine interface (HMI) product made by the Taiwan-based Weintek. The impacted product is used globally, including in critical manufacturing.

The Black Basta ransomware gang claimed responsibility for the attack, but the extent of the data stolen is unknown. The company confirmed the incident and stated that they are working with law enforcement to address the issue.

The attackers behind the XorDDoS campaign have migrated their offensive infrastructure to legitimate public hosting services, making it harder to block their command and control (C2) traffic.

The Knight group threatened to release stolen files and provided countdown links. However, the parent company, BMW, has not confirmed the attack. The website for BMW Munique Motors is still operational.

These include authenticated remote code execution via “zip slip” and WebDAV path traversal, session fixation on the remote administration server, information disclosure via path traversal on FTP, and information disclosure in the admin interface.

Data transmission faces a looming threat from Harvest Now, Decrypt Later (HNDL) attacks, where encrypted data is collected and stored with the intention of decrypting it in the future using advancements in computing or quantum technologies.

A new report by Trellix reveals that Discord, a popular communication platform, is being increasingly used by hackers, including advanced persistent threat (APT) groups, to target critical infrastructure.

A recent survey by Hornetsecurity reveals that 60% of companies are highly concerned about ransomware attacks, highlighting the urgency for robust protection measures and the active involvement of leadership in preventing such incidents.

Dozens of vulnerabilities in the Squid caching and forwarding web proxy, a widely used open-source proxy, remain unpatched two years after being discovered by researcher Joshua Rogers.

The US EPA has withdrawn cybersecurity rules for public water systems due to lawsuits filed by states and non-profit water associations, citing concerns about financial burden and cybersecurity vulnerabilities.