A total of 37 vulnerabilities have been patched, including a critical security flaw in the System component that could lead to remote code execution via Bluetooth with no additional execution privileges needed.

For industries without heavy IT expertise, responding to the myriad vulnerability advisories released by the Cybersecurity and Infrastructure Security Agency is a daunting task.

Cisco Talos recently discovered a new attack framework called “Manjusaka” being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of Cobalt Strike.

Austria’s interior ministry said it had not received reports of any incidents. “Of course, (intelligence agency) DSN checks the allegations. So far, there is no proof of the use of spy software from the company mentioned,” it said in a statement.

The founder and leader of the crowdsourced pro-Russian hacktivists Killnet announced his plans to leave the group after an upcoming hack and leak operation against Lockheed Martin.

A research team from dating platform Tinder crafted an automation script that unearthed flaws that enabled the exfiltration of secrets that provide write access to various open source GitHub repositories, including Elastic’s Logstash.

A malicious actor in possession of this information can, therefore, create a Twitter bot army that could be potentially leveraged to spread mis/disinformation on the social media platform.

A security researcher with the handle rgod discovered a flaw in the HttpFile class that results from the lack of proper validation of a user-supplied path prior to using it in file operations.

The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator in the central European country.

The US Cybersecurity and Infrastructure Security Agency (CISA) has instructed government organizations — and advised private sector companies — to address a recently disclosed Confluence vulnerability that has been exploited in attacks.