159-CVE January Patch Tuesday smashes single-month record
Brace yourselves… and consider reading your email in plaintext for now
Brace yourselves… and consider reading your email in plaintext for now
In 2019, DataBreaches reported that Solara Medical Supplies in California was notifying more than 110,000 patients after an attacker gained access to some employees’ email accounts via phishing. Solara was subsequently sued and settled claims for $9.76 million. Now today, HHS OCR announced a settlement with Solara: Today the U.S. Department of Health and Human…
Patch Tuesday: Adobe ships patches for more than a dozen security defects in a wide range of software products. The post Adobe: Critical Code Execution Flaws in Photoshop appeared first on SecurityWeek.
Since no technical means have been found to curtail criminal extortion through prevention or attack, the new proposal is to eliminate its profitability. The post UK Considers Banning Ransomware Payment by Public Sector and CNI appeared first on SecurityWeek.
The executive order comes on the heels of the Biden administration’s proposed restrictions on exports of AI chips, an attempt to balance national security concerns about the technology with economic interests of producers and other countries. The post Biden Signs Executive Order Aimed at Growing AI Infrastructure in the US appeared first on SecurityWeek.
Patch Tuesday: Microsoft has rushed out fixes for a trio of already-exploited zero-day vulnerabilities in the Windows Hyper-V platform. The post Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days appeared first on SecurityWeek.
WEF’s Global Cybersecurity Outlook 2025 report highlights key challenges like the skills gap, third-party risks, and resilience disparities between businesses and private sectors. The post WEF Report Reveals Growing Cyber Resilience Divide Between Public and Private Sectors appeared first on SecurityWeek.
With a security-first culture fully in play, developers will view the protected deployment of AI as a marketable skill, and respond accordingly. The post How to Eliminate “Shadow AI” in Software Development appeared first on SecurityWeek.
BforeAI has raised $10 million in Series B funding, which brings the total raised by the security firm to more than $30 million. The post BforeAI Raises $10 Million for Predictive Attack Intelligence appeared first on SecurityWeek.
New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. “Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees,” Truffle Security…