MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data
Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.
Chinese Researchers Tap Quantum to Break Encryption
But the time when quantum computers pose a tangible threat to modern encryption is likely still several years away.
American Water Reconnects Its Network Taps After Cyber Incident
The company is beginning to bring its systems back online, though the investigation wages on.
Fortinet Confirms Customer Data Breach via Third Party
The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.
Microsoft VS Code Undermined in Asian Spy Attack
A technique to abuse Microsoft’s built-in source code editor has finally made it into the wild, thanks to China’s Mustang Panda APT.
Fortinet Confirms Customer Data Breach via Third Party
The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.
Malicious Actors Sow Discord With False Election Compromise Claims
The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. (It hasn’t been.)
Cambodian Tycoon Sanctioned for Forced Cyber Labor, Trafficking
The sanctions are unlikely to affect the growing network of criminals who lure victims into working for cybercrime sweat shops around the world.
North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks
How the Kimsuky nation-state group and other threat actors are exploiting poor email security — and what organizations can do to defend themselves.
Contractor Software Targeted via Microsoft SQL Server Loophole
By accessing the MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks.



