The UK's National Health Service (NHS) is warning of possible exploitation attempts targeting vulnerabilities in the Arcserve Unified Data Protection (UDP) software, which were disclosed in March and had PoC exploit code released shortly after.

Researchers have developed a technique called "GhostStripe" that can exploit the camera-based computer vision systems of autonomous vehicles, causing them to fail to recognize road signs, making it very risky for Tesla and Baidu Apollo vehicles.

According to a report by the German cybersecurity firm Security Research Labs GmbH (SRLabs), the BogusBazaar network has attempted to process an estimated $50 million in fake purchases since the operation launched three years ago.

Ransomware infections have morphed into "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.

Mastodon delayed a firm fix for link preview DDoS issues, pushing it back to version 4.4.0 from the expected 4.3.0 release. The issue arises from the decentralized nature of Mastodon, where link previews generate excessive traffic on host servers.

Xiaomi resolved 20 flaws, ensuring user safety by fixing issues like arbitrary access to system components and data leaks. Google also fixed six vulnerabilities, including geolocation access through the camera and arbitrary file access.

The scam involved call center workers impersonating the victims' relatives, claiming they were in legal trouble or had been in an accident, and convincing the victims to send thousands of dollars to help them.

The district court of Länsi-Uusimaa, Finland, sentenced Aleksanteri Kivimäki, 26, on Tuesday for crimes against the Vastaamo center and those in its care, which included more than 20,000 extortion attempts.

The vulnerability, tagged CVE-2024-27322, can be exploited by tricking someone into loading a maliciously crafted RDS (R Data Serialization) file into an R-based project, or by fooling them into integrating a poisoned R package into a code base.

Researchers at US-Israeli infosec outfit SafeBreach recently discussed flaws in Microsoft and Kaspersky endpoint security products that can potentially allow the remote deletion of files.