Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The networking equipment major said it became aware of the intrusion campaign on […]

Software company ServiceNow is in advanced talks to buy cybersecurity startup Armis, which was last valued at $6.1 billion, Bloomberg reported. The deal, which could reach $7 billion in value, would be ServiceNow’s largest acquisition, the outlet said, citing people familiar with the situation who asked not to be identified because the talks are private. […]

OpenAI says the cyber capabilities of its frontier AI models are accelerating and warns Wednesday that upcoming models are likely to pose a “high” risk, according to a report shared first with Axios. Why it matters: The models’ growing capabilities could significantly expand the number of people able to carry out cyberattacks. Driving the news: OpenAI said it has […]

A critical persistence technique in AWS Identity and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM, like many distributed systems, employs eventual consistency to scale across regions and replicas. Updates to resources such as access keys or policies propagate with a predictable […]

Hackers affiliated with the Scattered Lapsus$ Hunters might be preparing a threat campaign against Zendesk environments, according to Reliaquest researchers. About 40 typoquatting and impersonating domains have been created over the past six months that mimic Zendesk environments, according to a blog published Wednesday by Reliaquest. Zendesk is a company that provides cloud-based customer service […]

India’s telecoms ministry has privately asked smartphone makers to preload all new devices with a state-owned cybersecurity app that cannot be deleted, a government order showed, a move likely to antagonise Apple and privacy advocates. In tackling a recent surge of cybercrime and hacking, India is joining authorities worldwide, most recently in Russia, to frame rules blocking the use […]

One of the banking industry’s biggest vendors is responding to a cyberattack that has compromised some of its clients’ sensitive data. SitusAMC, which major banks use to manage their real-estate loans and mortgages, announced on Saturday that hackers broke into its systems on Nov. 12 and stole data that included banks’ “accounting records and legal agreements,” as […]

Australia’s mining and manufacturing sectors are taking up to two years to notice and report cyber breaches to authorities, prompting concerns about the cybersecurity of industries critical to the nation’s economy. New figures obtained under Freedom of Information (FOI) laws show 187 data breaches across the two sectors have exposed the personal information of up […]

Microsoft Azure thwarted what may be the largest distributed denial-of-service (DDoS) attack ever recorded in the cloud on October 24. The attack peaked at 15.72 terabits per second (Tbps) and unleashed nearly 3.64 billion packets per second (pps), targeting a single endpoint in Australia. Azure’s automated DDoS Protection service sprang into action, filtering out the […]

Synnovis, a leading UK pathology services provider, is notifying healthcare providers that a data breach occurred following a ransomware attack in June 2024, which resulted in the theft of some patients’ data. Founded in 2021, Synnovis is a partnership between international medical diagnostics provider SYNLAB, Guy’s and St Thomas’ NHS Foundation Trust, and King’s College Hospital NHS Foundation Trust. It […]