Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.

Cloudflare has purchased Vectrix to detect and mitigate issues like inappropriate filing sharing and user permission misconfigurations in tools like AWS, Google Workspace and GitHub.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to its catalog of actively exploited vulnerabilities another 15 security issues actively used in cyberattacks.

Salt Security raised $140 million on a $1.4 billion valuation to expand R&D investment, fuel sales and marketing, and more rapidly grow its international operations. The round was led by CapitalG.

The report by Chainalysis also listed the most prolific ransomware groups by total payments received, finding that Conti led the way with at least $180 million made from ransoms.

According to a security researcher, a malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token described as “god mode.”

A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant “incriminating digital evidence.”

CVE-2022-22620 is a use after free issue in WebKit, the browser engine used in Safari and all iOS web browsers. Apple fixed it in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.

Researchers from Proofpoint spotted a new phishing campaign that targeted multiple Middle Eastern governments, foreign-policy think tanks, and a state-affiliated airline, with the new NimbleMamba trojan. NimbleMamba is believed to share some similarities with Molerats’ previous executable LastConn that was first reported in June 2021.