US federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data. The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, giving federal Oracle admins a…
Tag: until
Global Security News
Meta tries to get ahead of scammers before the World Cup begins
Football fans are counting down the days until the FIFA World Cup begins, and scammers are doing the same. Last week, the FBI warned that cybercriminals are spoofing FIFA websites to steal personal information, sell fake tickets, and promote fraudulent hospitality packages ahead of the tournament. With millions of supporters expected to travel to the…
AI, Global Security News, malware, Network Security, Risk Management, Russia
How cybersecurity firms took down Glassworm botnet in one shot
Glassworm infected developers through poisoned tools and packages until a coordinated takedown killed all four of its C2 channels at once. On May 26, 2026, at 14:00 UTC, CrowdStrike Counter Adversary Operations team, working with Google and the Shadowserver Foundation, killed all four command-and-control channels of the Glassworm botnet at the same time. The timing…
AI, Exploits, Global Security News, Government & Policy
CISA orders feds to patch actively exploited Drupal vulnerability
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. […]
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy
Contractor’s public GitHub account exposed GovCloud and CISA credentials
Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That’s according to cybersecurity reporter Brian Krebs, who first broke the news over the weekend, acting on a tip from researcher Guillaume Valadon at GitGuardian. Valadon confirmed the information…
AI, Cybersecurity, Endpoint, Global Security News, Government & Policy, Network Security
CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community. The idea of a kill switch for privileged operators has been suggested by…
Cybersecurity, Global Security News, Risk Management
Threat Intel Scraping Without Burning Your Cover or Your Stack
Threat Intel Scraping sounds simple until it isn’t, here’s how cybersecurity teams avoid blocks, bad data, and unnecessary risk.
AI, APAC, Compliance, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
What IT leaders need to know about AI-fueled death fraud
Death is always an unpleasant topic, typically ignored until it is fully upon us. But for IT leaders, fraudsters who use fake death documents generated by AI to steal data and commit a wide range of other crimes are simply too dangerous to ignore. There are two different forms of these death frauds: tricking an…
Global Security News
Cloud workload security: Mind the gaps
As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning
Global Security News
High voltage tech: Meet AC/DC – Australia’s answer to FAANG and WITCH
Australia’s tech sector has long punched above its weight, but until now, it’s lacked a unifying shorthand. Silicon Valley has FAANG. The Indian global services giants have WITCH. Australia? Well, we’ve had vibes – but that changes today. Say hello to AC/DC, a new distinctly Australian acronym for our most influential, globally relevant tech powerhouses.…
AI, Global Security News
Ubuntu 24.04.4 LTS arrives with cumulative security and bug fixes
Security teams running Ubuntu in production often delay major OS upgrades until the next point release arrives with accumulated patches and newer hardware support. Ubuntu 24.04.4 LTS is now available as refreshed installation media for Noble Numbat, bundling the latest updates and offering a current hardware enablement stack for new deployments. Support and update focus…