Dark Reading Daily -- January 15, 2025

Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.

LATEST SECURITY NEWS & COMMENTARY

Microsoft Rings in 2025 With Record Security Update

Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.

Apple Bug Allows Root Protections Bypass Without Physical Access

Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.

Zero-Day Security Bug Likely Fueling Fortinet Firewall Attacks

An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.

As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks

In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.

FBI Wraps Up Eradication Effort of Chinese 'PlugX' Malware

Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.

New Startups Focus on Deepfakes, Data-in-Motion & Model Security

In times of unprecedented change, innovative mindsets and attentiveness of startup culture make for a community everyone can leverage to understand the world and guard against its dangers.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware. The Shifting Landscape of Open Source Security By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security. Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar. The Path Toward Championing Diversity in Cybersecurity Education To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention. MORE

PRODUCTS & RELEASES

Grupo Bimbo Ventures Announces Investment in NanoLock Security

CISA Releases the Cybersecurity Performance Goals Adoption Report

K2 Secures Navy SeaPort Next Generation Contract

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Microsoft Cracks Down on Malicious Copilot AI Use

According to the tech giant, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services.

LATEST FROM THE EDGE

New Docuseries Spotlights Hackers Who Shaped Cybersecurity

"Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.

LATEST FROM DR TECHNOLOGY

1Password's Trelica Buy Part of Broader Shadow IT Play

The acquisition accelerates 1Password's ongoing efforts to expand the role of the password manager with secure SaaS management.

LATEST FROM DR GLOBAL

India Readies Overhauled National Data Privacy Rules

The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data — and recognizes a right to personal privacy.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>