Aggregator

You must login to view this content

A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-based international technology company. He faces up to two years in prison on each of the six charges. Curry, who worked as a data analyst for about six months with the victim company and had access to its data files and internal personnel and corporate information, began the scheme after learning his contract would … More →

The post Terminated contract led to $2.5 million cyber extortion scheme appeared first on Help Net Security.

You must login to view this content

Microsoft has officially announced the general availability of new Microsoft Teams optimizations for the Windows App on both iOS and Android platforms. Released on March 18, 2026, this update introduces the WebRTC Redirector Service to mobile users connecting to Azure Virtual Desktop and Windows 365 environments. For IT administrators and security teams managing distributed workforces, […]

The post Microsoft Unveils New Teams Optimizations for Windows App on iOS & Android appeared first on Cyber Security News.

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerability
• CVE-2025-32432 Craft CMS Code Injection Vulnerability
• CVE-2025-43510 Apple Multiple Products Improper Locking Vulnerability
• CVE-2025-43520 Apple Multiple Products Classic Buffer Overflow Vulnerability
• CVE-2025-54068 Laravel Livewire Code Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

An urgent warning highlights a critical zero-day in Cisco products, now added to the CISA Known Exploited Vulnerabilities Catalog after active exploitation in ransomware campaigns. Network defenders and security administrators are urged to take immediate action. The rapid exploitation of this vulnerability by financially motivated threat actors highlights the severe risk it poses to enterprise […]

The post CISA Warns of Cisco Secure Firewall Management Center 0-Day Exploited in Ransomware Attacks appeared first on Cyber Security News.

Ransomware attackers have widened their approach to defeating endpoint security, moving well past the technique of exploiting vulnerable drivers. For years, the Bring Your Own Vulnerable Driver (BYOVD) method was the primary way attackers disabled security tools before launching their file-encrypting payloads. Today, that picture has grown much more complex, with threat actors now deploying […]

The post Ransomware Actors Expand EDR Killer Tactics Beyond Vulnerable Drivers appeared first on Cyber Security News.

Fake job offers on Google Forms are spreading PureHVNC malware that can take over your device.

The post That “job brief” on Google Forms could infect your device appeared first on Security Boulevard.