Conduent said it may face additional financial risks related to a January 2025 attack that impacted a number of state governments and other organizations. The attack at the New Jersey-based payments contractor led to data breaches across a number of organizations, including state government agencies and insurance providers. In the state of Wisconsin, child support payments were temporarily disrupted. READ MORE...
Synnovis, a leading UK pathology services provider, is notifying healthcare providers that a data breach occurred following a ransomware attack in June 2024, which resulted in the theft of some patients' data. Formerly known as Viapath, Synnovis was founded as GSTS Pathology in 2009 and switched to the Synnovis brand in October 2022. Synnovis is now reaching out to affected organizations, including NHS hospitals and clinics, but will not contact patients directly. READ MORE...
Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild. Microsoft addressed 63 vulnerabilities affecting its underlying systems and core products, including one actively exploited zero-day, the company said in its latest monthly security update. The zero-day vulnerability - CVE-2025-62215 - affects the Windows Kernel and has a CVSS rating of 7.0 due to a high attack complexity. READ MORE...
GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained. Researchers at Koi Security reported their discovery of GlassWorm last month, highlighting the worm's sophistication as well as its compromise of approximately 35,800 developer machines. The malware is similar to Shai-hulud, an NPM package worm discovered earlier this year. READ MORE...
From unintentional data leakage to buggy code, here's why you should care about unsanctioned AI use in your company. Shadow IT has long been a thorn in the side of corporate security teams. After all, you can't manage or protect what you can't see. But things could be about to get a lot worse. The scale, reach and power of artificial intelligence (AI) should make shadow AI a concern for any IT or security leader. READ MORE...
Cisco is warning about a new kind of cyberattack exploiting serious vulnerabilities in its firewalls. On Nov. 5, "Cisco became aware of a new attack variant against devices" affected by the previously disclosed flaws, the company said in a security advisory. "This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions." READ MORE...
Select researchers and academic teams will get access to Amazon's NOVA models next year as the tech giant continues to integrate the AI tools into its own tech stack. Amazon became the latest company to open its large language models to outside security researchers, announcing the creation of a new bug bounty program for the tech giant's AI tools. READ MORE...
Skies are open for mischief as hard-to-trace drones and fast-moving cyber raids promise new wave of disruption. Britain's aviation watchdog has warned it's only a matter of time before organized drone attacks bring UK airports to a standstill. Civil Aviation Authority (CAA) boss Rob Bishton told the Airlines UK conference on Monday that it was "entirely unrealistic" to think drone incursions "won't cause disruption" in the future, days after two Belgian airports were forced to shut down following drone sightings. READ MORE...