Critical vulnerabilities were discovered in the CocoaPods dependency manager that could have allowed threat actors to take over thousands of orphaned packages, execute shell commands, and take over accounts. The vulnerabilities, tracked as CVE-2024-38368 (CVSS score of 9.9), CVE-2024-38366 (CVSS score of 9.0), and CVE-2024-38367 (CVSS score of 8.0), could have potentially impacted millions of…
Splunk announced patches for 16 vulnerabilities in its Enterprise and Cloud Platform products, including six high-severity bugs. Three of these high-severity issues are remote code execution flaws that require authentication for successful exploitation. The first RCE bug affects Splunk Enterprise versions 9.2.x, 9.1.x, and 9.0.x and can be mitigated by disabling the ‘splunk_archiver’ application or…
Wise, a fintech firm, and Affirm, a buy-now-pay-later services provider, have revealed that the recent data breach suffered by Evolve Bank impacts some of their customers. The breach was caused by the LockBit ransomware group, which stole customer information including names, Social Security numbers, bank account numbers, and contact information from Evolve’s databases and file…
Wise and Affirm confirm they have been affected by the ransomware attack on Evolve Bank & Trust. The number of financial institutions caught up in the breach continues to rise as fintech businesses Wise and Affirm both confirm they have been materially affected. Affirm told the SEC that it believes personal data of Affirm Card…
Prudential Financial, one of the largest insurance companies in the US, reported that it had fallen victim to a ransomware attack that impacted 2.5 million people. The initial notification stated that only 36,000 people had their data stolen, but this number was revised after further investigation. The stolen data includes full names, driving license numbers,…
