Ethereum feature abused to steal $60 million from 99K victims


Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. [...]


https://www.bleepingcomputer.com/news/se...k-victims/

Meet the Unique New "Hacking" Group: AlphaLock


A Russian hacking group known as AlphaLock is launching a "pentest" marketplace and training platform to empower a new generation of threat actors. Learn more from Flare about the new hacking group. [...]


https://www.bleepingcomputer.com/news/se...alphalock/

Pharmacy provider Truepill data breach hits 2.3 million customers


Postmeds, doing business as 'Truepill,' is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information. [...]


https://www.bleepingcomputer.com/news/se...customers/

Windows 10 KB5032189 update released with 11 improvements


Microsoft has released the KB5032189 cumulative update for Windows 10 21H2 and Windows 10 22H2, which contains eleven fixes for various issues. [...]


https://www.bleepingcomputer.com/news/mi...rovements/

Windows 11 KB5032190 update enables Moment 4 features for everyone


Microsoft has released the KB5032190 cumulative update to fix security vulnerabilities in Windows 11. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features, provided you turn on the "Get latest updates" toggle. [...]


https://www.bleepingcomputer.com/news/mi...-everyone/

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs


Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface). [...]


https://www.bleepingcomputer.com/news/mi...s-in-logs/

Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws

Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities. [...]


https://www.bleepingcomputer.com/news/mi...-58-flaws/

Vulnerability Prioritization: Severity Does Not Mean Priority

A data-informed prioritization strategy is integral to ensuring remediation efforts are practical — and severity does not always mean priority.


https://www.hackerone.com/vulnerability-...n-priority

EV battery maker plans $165 million North Carolina plant in 2026

<p>The battery manufacturing operation, backed by Forge Nano and a variety of unnamed investors, plans to make lithium-ion cells for use in defense, aerospace and specialty electric vehicle markets.</p>

https://www.autonews.com/mobility-report...tery-plant

UAW deal with GM losing among production workers after Tenn. plant votes no

<p>With more than 17,000 votes in out of a possible 46,000, 51 percent of production workers are against the proposed contract. Large plants in Michigan, Texas, Indiana and Missouri have yet to vote.</p>

https://www.autonews.com/manufacturing/u...l-votes-no