A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn’t enough to fix it.
Author: Nate Nelson, Contributing Writer
Manufacturers Lose Azure Creds to HubSpot Phishing Attack
Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.
Thai Police Systems Under Fire From ‘Yokai’ Backdoor
Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.
With ‘TPUXtract,’ Attackers Can Steal Orgs’ AI Models
A new side-channel attack method is a computationally practical way to infer the structure of a convolutional neural network — meaning that cyberattackers or rival companies can plagiarize AI models and take their data for themselves.
336K Prometheus Instances Exposed to DoS, ‘Repojacking’
Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.
Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat
The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden; the FCC just hasn’t enforced them. It’s unclear if they will help.
Sprawling ‘Operation Digital Eye’ Attack Targets European IT Orgs
A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS Code, with an eye to carrying out a supply-chain-based espionage attack.
Bypass Bug Revives Critical N-Day in Mitel MiCollab
A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there’s a workaround.
Russian FSB Hackers Breach Pakistan’s APT Storm-0156
Parasitic advanced persistent threat Secret Blizzard accesses another APT’s infrastructure and steals what it has stolen from South Asian government and military targets.
‘White FAANG’ Data Export Attack: A Gold Mine for PII Threats
Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe’s GDPR-mandated data portability rules.