The Apache Software Foundation has released updates to address a critical file upload vulnerability (CVE-2023-50164) in Struts.
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
The NSA, UK's National Cyber Security Centre (NCSC) and Microsoft detailed recent changes in TTPs from a known Russian threat group.
Nathan Hamiel, senior director of research at Kudelski Security, talks about the intersection between AI and cybersecurity.
Researchers are detailing 21 recently patched vulnerabilities that impact certain Sierra Wireless routers, including one critical-severity and nine high-severity flaws.
In two separate intrusions, attackers exploited a ColdFusion vulnerability (CVE-2023-26360) to compromise an unnamed federal government agency.
Fancy Bear, also known as APT28 and Forest Blizzard, has been targeting a Microsoft Exchange flaw (CVE-2023-23397) against targets in Poland.
The patch is available two weeks after the vulnerability was first disclosed on Nov. 14.
The bugs (CVE-2023-42916 and CVE-2023-42917) enable sensitive information disclosure and arbitrary code execution.
The US and several allies have sanctioned eight North Korean nationals, including alleged members of the Kimsuky APT group.
CISA is urging water facilities in the critical infrastructure sector to change the default passwords on their Unitronics devices and disconnect them from the internet after a water treatment facility in Pennsylvania was hit by a cyberattack.
Okta officials said that the September intrusion in its customer support system affected every company in the Okta system.
Shamla Naidoo of Netskope joins Dennis Fisher to discuss her journey from network admin to CISO.
In a series of raids across Ukraine, the agencies apprehended several individuals who allegedly belong to the group, which has encrypted over 250 servers and cost large corporations several hundreds of millions of euros.
On the heels of a ransomware attack, Ardent said facilities are rescheduling elective procedures and diverting some emergency room patients to other local hospitals until systems are back online.