From early Bitcoin-exchange hacks to today's multi-million-dollar DeFi exploits, crypto heists are becoming more frequent, and the stakes are higher than ever. Today's report explores some of the biggest heists, what makes them possible, and why Web3 security is more critical than ever.

American businesses are on the front line of the nation’s looming conflicts with China and other adversaries like Russia and Iran, the U.S. spy chief Director of National Intelligence Avril Haines warned last week. Learn why the relationship between the private sector and the intelligence community needs to outgrow the confines of the customer/vendor nexus and go beyond its current information-sharing paradigm.

A vulnerability allowing malicious files to be uploaded to the Versa Director GUI by users with System Admin credentials is being exploited. Stay informed with CyberWatch.

Chief among the multi-layered strategies companies use to safeguard their sensitive data is network segmentation. This approach, which involves dividing a network into smaller, isolated segments, goes a long way toward stymying the efforts of malicious actors. The significance of network segmentation and subnetting, along with their many benefits are discussed ahead.

Google Chrome and Microsoft Edge have released updates for an actively exploited Zero Day Vulnerability. Google is aware that an exploit for this CVE is circulating publicly.

Zoom urges users to patch two high severity vulnerabilities: CVE-2024-39818 (CVSSv3: 7.5), an information disclosure vulnerability that allows an authenticated user to perform information disclosure through network access and CVE-2024-39825 (CVSSv3: 8.5), a buffer overflow that allows an authenticated user to conduct an escalation of privilege using network access. Affected applications are Zoom Workplace Desktop App, Zoom Workplace VDI Client, Zoom Workplace App for Android and iOS, and Zoom Rooms Application for Windows, Mac, and iPad.

A critical 9.8 Java Deserialization Remote Code Execution vulnerability affects SolarWinds Web Help Desk, allowing attackers to run commands on the host machine. Read on to learn more and acquire the patch.

A vulnerability present in all major web browsers allows attackers to access sensitive services that are running on local devices running MacOS and Linux operating systems. Each of the major browsers has acknowledged the flaw and are working on updating standards that indirectly cause the problem.

The SonicWall Capture Labs research team has discovered a vulnerability in Apache OFBiz that allows pre-authenticated remote code execution. The vulnerability is being tracked as CVE-2024-38856 (CVSSv3.1: 9.8) and is considered a publicly disclosed zero-day vulnerability, though a patch was rapidly released and versions 18.12.15 and later remediate this vulnerability.