Cybersecurity News

Cybersecurity News including Analytics, CISO, Cloud Security, Cybercrime, Data Security, DevOps, GRC, IoT, Social Engineering, Threats & Breaches and more.

vulnerability zero day

Google: Zero-Day Attacks Rise, Spyware and China are Dangers

The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors and China-backed cyberespionage groups playing an increasingly bigger role, according to Google cybersecurity experts. In a report this week, researchers with Google’s Threat Analysis Group (TAG) and its Mandiant business ... Read More
Checkmarx CNAPP cloud security palo alto networks Deloitte Broadcom report cloud security threat

Checkmarx Aligns With Wiz to Improve Application Security

Checkmarx has integrated its platform for securing application development environments with Wiz's CNAPP ... Read More
AI vulnerability

Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework

Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, Netflix, and Cohere – giving hackers entrée to huge amounts of data and compute power. The campaign has ... Read More
SQL injection database

CISA, FBI Push Software Developers to Eliminate SQL Injection Flaws

The federal government is putting pressure on software makers to ensure that their products don’t include SQL injection vulnerabilities, a longtime and ongoing threat that was put in the spotlight with last year’s far-reaching hack of Progress Software’s MOVEit managed file transfer tool. CISA and the FBI this week issued ... Read More
supply chain, SBOM, cybersecurity, SLSA organizations third party attacks supply chain supply chain ransomware The Kill Chain Model

Complex Supply Chain Attack Targets GitHub Developers

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts ... Read More
China cyberespionage

US, UK Accuse China of Years-Long Cyberespionage Campaign

The United States, the UK, and other countries this week accused a state-sponsored Chinese threat group of running a massive global hacking campaign for more than a decade that targeted political figures, journalists, businesses, political dissidents, and elections officials to steal information and spy on targets. U.S. Attorney Breon Peace ... Read More
data, compliance, audit Box data security, management, organizations, GDPR, Strike Force privacy, vendors, RFPs, cloud, data security DLP Iran DUMPS Conti Hackers Sandbox government HackerOne IBM data security

Cybersecurity a Top Priority for Audit Committees

Audit committees consider cybersecurity their primary oversight focus as the SEC enforces tougher cyberattack disclosure regulations ... Read More