The cyber actor played a role in the Treasury breach as well as attacks on critical infrastructure, linked to China-backed advanced persistent threat (APT) group Salt Typhoon.
As LLMs broaden access to hacking and diversify attack strategies, understanding the thought processes behind these innovations will be vital for bolstering IT defenses.
Cybersecurity researchers have disclosed three security flaws in Planet Technology’s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. “These switches are widely used in building and home automation systems for a variety of networking applications,” Claroty’s Tomer Goldschmidt said in a Thursday report. “An attacker
Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. “Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps,” Imperva researcher Daniel Johnston said in an analysis. “These…
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access,
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People’s Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation…
What is the Vulnerability?Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog on January 16, 2025. A proof-of-concept exploit has…
Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users’ data to China. The advocacy group is seeking an immediate suspension of such transfers, stating the companies in question cannot shield…
A highly targeted cyber-intelligence campaign adds fuel to the increasingly complex relationship between the two former Soviet states.
New order mandates securing the federal software supply chain and communications networks, as well as deploying AI tools to protect critical infrastructure from cyberattacks — but will the Trump administration follow through?