The company Nightfall AI found that secrets such as passwords and Application Programming Interface (API) keys were most often found in GitHub. Every year, about 350 total secrets are exposed per 100 employees. Thirty-five percent of the discovered API keys were still active, increasing vulnerability to privilege escalation attacks, data leaks, and breaches.

Nearly 2.7 billion records of personal information for people in the US were leaked on a popular hacking forum. The records include names, Social Security numbers (SSNs), known physical addresses, and more. The leaked data is alleged to have come from National Public Data, a company that collects and sells access to personal data for background checks, criminal record searches, and private investigations. This article continues to discuss the leak of 2.7 billion data records by hackers.

Adobe recently released fixes for 72 security vulnerabilities across multiple products and warned that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks. The company noted that the patches address critical security defects in Adobe Acrobat and Reader, Illustrator, Photoshop, InDesign, Adobe Commerce, and Dimension and is warning that the most severe of these vulnerabilities could allow attackers to take complete control of a target machine.

The Federal Bureau of Investigation (FBI) has partnered with law enforcement in the UK and Germany to dismantle Information Technology (IT) infrastructure linked to the ransomware group called "Dispossessor" or "Radar." According to the FBI, the group targets small and medium-sized businesses (SMBs) in the production, development, education, healthcare, financial services, and transportation sectors. This article continues to discuss the dismantling of the Radar/Dispossessor ransomware. 

AMD has issued firmware updates to address a nearly two-decade-old silicon-level vulnerability called "SinkClose" in its EPYC data center processors and Ryzen line of processors for PCs and embedded systems. The flaw impacts a processor component that protects System Management Mode (SMM), an execution mode more privileged than kernel-level mode. According to the IOActive researchers who discovered the privilege escalation vulnerability, it is an "unpatchable" issue. If exploited, it enables an attacker to install malware on a system that would be nearly impossible to remove.

Kootenai Health has recently disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation.  The organization is notifying patients who received care at its facilities that it detected a cyberattack in early March 2024, which disrupted certain IT systems.  The company stated that the ongoing investigation shows that the cybercriminals gained unauthorized access to Kootenai's systems on February 22, 2024, allowing the threat actors ten days to roam the network and steal sensitive data.

A 38-year-old Belarusian accused of being one of the world's most prolific Russian-speaking cybercriminals has been arrested and extradited by the UK's National Crime Agency (NCA) as part of an international law enforcement operation.  Silnikau, who also goes by Maksym Silnikov, was arrested by Spain's Guardia Civil in an apartment in Estepona, southern Spain, in July 2023.  On August 9, 2024, he was extradited from Poland to the US to face charges relating to cybercrime offenses.  The NCA noted that Silnikau is believed to have used the "J.P.

The National Institute of Standards and Technology (NIST) has formally published three post-quantum cryptography standards from its competition to develop cryptography that can withstand quantum computing decryption of current asymmetric encryption. The three standards are ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (Sphincs+). FN-DSA (Falcon) is a fourth that has been chosen for standardization in the future.

Evolution Mining recently announced that it had been targeted by a ransomware attack on August 8, 2024, which impacted its IT systems.  Evolution Mining is one of Australia's largest gold producers, and it also has a presence in Canada.   The company stated that despite the disruption the ransomware attack caused to its IT systems, it does not anticipate it will have any material impact on operations.  This means that mining operations should continue uninterrupted.

The AI Cyber Challenge (AIxCC), run by the Defense Advanced Research Projects Agency (DARPA), has officially awarded seven semifinalists $2m each at DEFCON 32 where the agency hosted an immersive experience to underscore the real-world stakes of the competition.  AIxCC aims to find a cyber reasoning system to successfully find and fix vulnerabilities in open-source software.  The seven teams announced as semifinalists who will advance to the final competition include 42-b3yond-6ug, all_you_need_is_a_fuzzing_brain, Lacrosse, Shellphish, Team Atlanta, Theori, and Trail of Bits.