Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

The 'BLUFFS' series of attacks has been discovered, exploiting fundamental flaws in Bluetooth protocol session key derivation and impacting a vast range of devices such as iPhones and Android smartphones. The vulnerability raises significant security concerns, prompting advisories for vendor-level fixes and cautious Bluetooth usage by users, especially in public.
Hackers exploited a vulnerability in unpatched Adobe ColdFusion, CVE-2023-26360, to compromise servers of a U.S. federal agency, with two incidents in June thwarted by cybersecurity measures.
published: Dec. 4, 2023
In the week of November 27 to December 4, 2023, there were 7 advisories/vulnerability events and 36 incident/data breach events, marking a significant increase in both compared to the previous week, although the number of impacted individuals decreased from 10.5 million to 6 million.
A vast number of outdated Microsoft Exchange email servers, primarily in Europe, the U.S., and Asia, remain publicly accessible and highly vulnerable to attacks due to running unsupported software versions. At least 20,000 of these servers are already beyond their end-of-life stage and susceptible to various significant security flaws.
published: Nov. 27, 2023
Between November 20 and 27, 2023, there were 2 security advisories and 27 data breach incidents, with a significant rise in affected individuals from 2.7 million to 10.5 million week-over-week, despite a decrease in overall incidents.
published: Nov. 20, 2023
In the third week of November 2023, there were 10 advisories and 30 data breach incidents, with a slight increase in advisories and consistent incident numbers compared to the previous week, impacting 2.7 million individuals, down from 4 million. The largest breach was Truepill pharmacy, affecting 2.3 million.
Researchers have identified critical vulnerabilities in the infrastructure supporting AI models, underscoring the need for companies to conduct security testing on their AI systems. AI models and machine learning platforms are software running on sometimes vulnerable infrastructure, making them susceptible to exploitation and posing real risks to organizations, particularly those heavily integrating AI into their operations.
The cybercriminal group AlphV reported its victim, MeridianLink, to the SEC, alleging a breach of the new SEC rule on cybersecurity incident disclosure for publicly traded companies. This action highlights the evolving tactics of cybercriminals who are shifting from data unavailability threats to regulatory pressure extortion, emphasizing the need for organizations to adopt proper incident management processes.
published: Nov. 13, 2023
Between November 6 and November 13, 2023, there was a slight increase in data breach incidents (from 22 to 29) and a decrease in advisories (from 6 to 4), with over 4 million individuals affected, a decrease from the previous week's record of 815 million, and the largest breach involving the Maine government's MOVEit system impacting 1.3 million individuals.
The Duke University study highlights the troubling simplicity and low cost of obtaining personal details of U.S. military personnel from data brokers, posing a significant national security risk and amplifying calls for stringent privacy regulation.