Industrial-strength April Patch Tuesday covers 135 CVEs
One actively exploited issue patched; five Critical-severity Office vulns exploitable via Preview Pane
President Donald Trump has pardoned Ross Ulbricht, the founder of Silk Road, an underground website for selling drugs. The post Trump Pardons Founder of Silk Road Website appeared first on SecurityWeek.
This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during March and April
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions containing cryptocurrency mining malware to the official package registry. Following the discovery, version 1.1.7 of both libraries has been unpublished from the npm…
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet FortiWeb WAF that could allow an attacker to take over admin accounts and completely compromise a device. “The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet’s FortiWeb product,” Benjamin Harris,
Fortinet warns of a phishing campaign that uses legitimate links to take over the victims’ PayPal accounts. The post PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts appeared first on SecurityWeek.
Mark Emem reports a settlement in litigation stemming from a Consulting Radiologists Ltd. data breach in February 2024. The incident had been added to LockBit’s leak site in April 2024. A US healthcare firm has agreed to pay out millions of dollars to settle a class action lawsuit filed over a data breach that occurred…