Twelve out of the top 15 vulnerabilities were addressed last year, highlighting the importance of patching security flaws before they are exploited. The list included vulnerabilities in products from companies like Citrix, Cisco, Fortinet, and more.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan to enhance collaboration in combating cyber threats to critical infrastructure.

The joint cybersecurity advisory warned of Iranian cyber actors using brute force and other methods to compromise organizations, particularly in critical sectors such as healthcare, government, IT, engineering, and energy.

The CISA and FBI released the Product Security Bad Practices catalog to improve software security, especially in critical infrastructure. The document identifies risky software development practices and provides guidelines to mitigate these risks.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding three critical security vulnerabilities affecting various software, including Microsoft Windows, Mozilla Firefox, and SolarWinds Web Help Desk.

The Pioneer Kitten attackers are monetizing their access to compromised organizations' networks by selling domain admin credentials and full domain control privileges on cybercrime marketplaces.

The Internet Systems Consortium (ISC) has released patches to fix multiple security vulnerabilities in the BIND 9 DNS software suite that could lead to denial-of-service attacks.

The vulnerabilities are as follows: CVE-2012-4792, a decade-old vulnerability in Internet Explorer allowing remote code execution, and CVE-2024-39891, an information disclosure flaw in Twilio Authy.

The US Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team exercise at an unnamed federal agency in 2023, exposing serious security failings that left critical assets vulnerable.

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the UK, and the US have warned about APT40, a China-linked cyber espionage group known for quickly exploiting new security bugs after public disclosure.