Open Source Alerts

FreeBSD Issues Critical Security Advisory for CVE-2024-41721 (CVSS 9.8)

The flaw, CVE-2024-41721, in bhyve's USB emulation functionality could lead to malicious code execution, posing a serious threat to systems running vulnerable versions of FreeBSD.

Critical Dragonfly2 Flaw Due to Hardcoded Key Threatens Admin Access

The flaw, tracked as CVE-2023-27584, stems from a hard-coded cryptographic key used in the authentication process, posing a serious risk of unauthorized access, including admin-level privileges.

Critical Grafana Plugin SDK Flaw Exposes Sensitive Information

This flaw, tracked as CVE-2024-8986 with a CVSS score of 9.1, could lead to the unintentional exposure of sensitive information, such as repository credentials, due to the build metadata being included in compiled binaries.

Keycloak Vulnerability Puts SAML Authentication at Risk

The vulnerability lies in Keycloak's XMLSignatureUtil class, which incorrectly verifies SAML signatures, disregarding the vital "Reference" element that specifies the signed portion of the document.

DOJ, FBI Need Better Metrics for Tracking Ransomware Disruption Efforts, Audit Finds

An audit found that both the DOJ and FBI need to improve in three key areas to enhance their fight against ransomware. While the FBI reported an improvement in taking action within 72 hours in 47% of incidents, there is still room for progress.

More Than $44 Million in Cryptocurrency Stolen From Singaporean Platform BingX

Singaporean cryptocurrency platform BingX was hit by a cyberattack resulting in the theft of over $44 million. The attack was detected by two blockchain security firms, leading to a temporary suspension of withdrawals and emergency asset transfers.

US DoJ Charged Two Men With Stealing and Laundering $230 Million Worth of Cryptocurrency

Two suspects, Malone Lam and Jeandiel Serrano, were arrested by the US Department of Justice for stealing and laundering over $230 million worth of cryptocurrency in Miami.
September 23, 2024

Picus Security Raises $45M in Funding

Picus Security, a San Francisco, CA-based security validation company, raised $45M in funding. The round, which brought total funds raised to $80M, was led by Riverwood Capital, with participation from existing investor Earlybird Digital East Fund.

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

The GSM Association is working on implementing end-to-end encryption for Rich Communications Services (RCS) messaging between Android and iOS. This important step aims to enhance user protection and secure messages across platforms.

AT&T Pays $13 Million FCC Settlement Over 2023 Data Breach

The breach occurred when threat actors gained access to customer data of about 9 million AT&T wireless accounts stored by a vendor. This exposed sensitive customer information like account numbers, phone numbers, and email addresses.
