News
Change Healthcare has officially confirmed that a cyberattack on February 21, 2024, compromised the medical records of over 100 million individuals. This incident represents the largest breach of protected health information (PHI) among HIPAA-regulated entities, surpassing the record-breaking data breach of Anthem Inc. in 2015, which affected 78.8 million people. Due to the scale of the breach, [...]
In June 2024, we uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project. This discovery adds to the six other vulnerabilities we discovered within AWS services. The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account, resulting in a full [...]
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month an email that was sent to an unspecified governmental organization located in one of the [...]
Apple is calling on cybersecurity experts worldwide to join a “hunt” for security flaws in its AI Cloud system, with attractive rewards of up to 1 million USD. Apple is very confident in the security of the artificial intelligence system that the company [...]
In the shifting landscape of cyberspace, the emergence of security vulnerabilities is an inevitable phenomenon. A critical flaw, now identified as CVE-2023-34000 with a CVSS score of 7.5, has been detected in the widely used WooCommerce Stripe Gateway Plugin, prompting an urgent call to action for security professionals and site administrators alike.
A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites.
Horizon3 security researchers have released proof-of-concept (PoC) exploit code for a remote code execution (RCE) bug in the MOVEit Transfer managed file transfer (MFT) solution abused by the Clop ransomware gang in data theft attacks.