Meta Paid Out Over $2.3 Million in Bug Bounties in 2024

/in

Meta received close to 10,000 vulnerability reports and paid out over $2.3 million in bug bounty rewards in 2024.

The post Meta Paid Out Over $2.3 Million in Bug Bounties in 2024 appeared first on SecurityWeek.

SecurityWeek – ​Read More

Warning: Tunnel of Love Leads to Scams

/in

Romance-baiting losses were up 40% last year, as more and more pig-butchering efforts crop up in the wild.

darkreading – ​Read More

Rising Tides: Lesley Carhart on Bridging Enterprise Security and OT—and Improving the Human Condition

/in

In the latest edition of “Rising Tides” we talk with Lesley Carhart, Technical Director of Incident Response at Dragos.

The post Rising Tides: Lesley Carhart on Bridging Enterprise Security and OT—and Improving the Human Condition appeared first on SecurityWeek.

SecurityWeek – ​Read More

In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool

/in

Noteworthy stories that might have slipped under the radar: Google pays $10,000 bug bounty for YouTube vulnerability, Cybereason CEO sues two investors, Otorio launches new OT security tool.

The post In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool appeared first on SecurityWeek.

SecurityWeek – ​Read More

SonicWall Firewall Vulnerability Exploited After PoC Publication

/in

The exploitation of a recent SonicWall vulnerability has started shortly after proof-of-concept (PoC) code was published.

The post SonicWall Firewall Vulnerability Exploited After PoC Publication appeared first on SecurityWeek.

SecurityWeek – ​Read More

SGNL Raises $30 Million for Identity Management Solution

/in

Identity management provider SGNL has raised $30 million in a Series A funding round led by Brightmind Partners.

The post SGNL Raises $30 Million for Identity Management Solution appeared first on SecurityWeek.

SecurityWeek – ​Read More

Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks

/in

China-linked APT Salt Typhoon has been exploiting known vulnerabilities in Cisco devices in attacks on telecom providers in the US and abroad.

The post Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks appeared first on SecurityWeek.

SecurityWeek – ​Read More

New Windows Zero-Day Exploited by Chinese APT: Security Firm

/in

ClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda. 

The post New Windows Zero-Day Exploited by Chinese APT: Security Firm appeared first on SecurityWeek.

SecurityWeek – ​Read More

Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure

/in

Attempts to exploit CVE-2024-0108, an authentication bypass vulnerability in Palo Alto firewalls, started one day after disclosure. 

The post Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure appeared first on SecurityWeek.

SecurityWeek – ​Read More

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

/in

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7.
The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.
“An

The Hacker News – ​Read More