Securityweek.com

A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices.

More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.

More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives.

Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.

UK cybersecurity firm Darktace has agreed to sell itself to private equity giant Thoma Bravo for approximately $5.32 million in cash.

A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.

Predictive attack intelligence and risk protection startup BforeAI has raised $15 million in a Series A funding round led by SYN Ventures.

Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400.

A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive.

The FTC is sending a total of $5.6 million in refunds to over 117,000 Ring customers as result of a 2023 settlement.