US representatives and senators have reintroduced a bipartisan bill to support the cybersecurity of small water and wastewater utilities.
The post US Lawmakers Reintroduce Bill to Boost Rural Water Cybersecurity appeared first on SecurityWeek.
ChatGPT Vulnerability Exploited Against US Government Organizations
A year-old vulnerability in ChatGPT is being exploited against financial entities and US government organizations.
The post ChatGPT Vulnerability Exploited Against US Government Organizations appeared first on SecurityWeek.
Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum
Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.
The post Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum appeared first on SecurityWeek.
NIST Announces HQC as Fifth Standardized Post Quantum Algorithm
First choices for both KEMs and DSAs are already standardized, and organizations should not wait for the backups to be available before migrating to PQC.
The post NIST Announces HQC as Fifth Standardized Post Quantum Algorithm appeared first on SecurityWeek.
8,000 New WordPress Vulnerabilities Reported in 2024
Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.
The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek.
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks
Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns.
The post Microsoft 365 Targeted in New Phishing, Account Takeover Attacks appeared first on SecurityWeek.
100 Car Dealerships Hit by Supply Chain Attack
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek.
Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services
Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive.
The post Nvidia Riva Vulnerabilities Allow Unauthorized Use of AI Services appeared first on SecurityWeek.
Popular GitHub Action Targeted in Supply Chain Attack
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker
Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware.
The post In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker appeared first on SecurityWeek.
