Security
Headlines
HeadlinesLatestCVEs

Latest News

CISO Stature Rises, but Security Budgets Remain Tight

The rate of compensation gains has slowed from the COVID years, and budgets remain largely static due to economic fears, but CISOs are increasingly gaining executive status and responsibilities.

DARKReading
Open in Source
Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin

The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity—and it’s a familiar face.

Wired
Open in Source
#web#git#intel#auth
Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale

Alleged TikTok Breach: Threat actor “Often9” claims to sell 428M user records, including emails, phones, and account details on dark web forum.

ConnectWise Breached, ScreenConnect Customers Targeted

The software company, which specializes in remote IT management, said a "sophisticated nation state actor" was behind the attack but provided few details.

Victoria’s Secret US Website Restored After Security Incident

Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the…

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend

From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care

Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has

Chinese Phishing Service Haozi Resurfaces, Fueling Criminal Profits

A Chinese-language PhaaS platform Haozi is making cybercrime easy with no tech skills needed. Discover how this plug-and-play service facilitated over $280,000 in illicit transactions.

GHSA-8w7f-8pr9-xgwj: Apache Superset: Improper authorization bypass on row level security via SQL Injection

An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects Apache Superset: before 4.1.2. Users are recommended to upgrade to version 4.1.2, which fixes the issue.

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in