Cybernews reports that Paris-based software firm Kaspr — which provides a paid Chrome browser extension allowing the gathering of LinkedIn users' professional contact information — has been ordered by France's National Commission on Informatics and Liberty to pay $249,600 for data scraping violations under the European Union's General Data Protection Regulation.

Alleged NetWalker ransomware affiliate Daniel Christian Hulea has been subjected to a two-decade prison sentence for leveraging the ransomware to extort $21.5 million worth of Bitcoin alongside a co-conspirator, SecurityWeek reports

Hotfixes have been revealed for three vulnerabilities affecting Sophos Firewall versions 21.0 GA and older, two of which were of critical severity, reports The Hacker News.

SecurityWeek reports that Rockwell Automation has issued fixes for a trio of critical flaws impacting Allen-Bradley PowerMonitor 1000 instances, which could be leveraged to infiltrate and disrupt industrial systems.

Major U.S. healthcare system Ascension Health had data from more than 5.599 million patients and employees compromised in a cyberattack earlier this year, which was attributed to the Black Basta ransomware-as-a-service operation, Cybernews reports

Organizations in Brazil, Peru, France, Spain, Switzerland, Croatia, Namibia, India, Turkey, Mongolia, Indonesia, and the United Arab Emirates have been targeted in attacks targeting Fortinet FortiClient EMS instances affected by the critical SQL injection vulnerability, tracked as CVE-2023-48788, to facilitate remote desktop software injections, according to The Hacker News

BleepingComputer reports that high-performance JavaScript bundler Rspack and customizable Vue.js UI library Vant had a trio of widely-used npm packages discovered by Sonatype and Socket researchers to have been breached to facilitate the distribution of the XMRig cryptocurrency mining malware as part of a supply chain attack

Malicious activity involving the new FlowerStorm phishing-as-a-service platform aimed at Microsoft 365 credentials has escalated following a technical issue that prompted the "partial" infrastructure collapse of the Rockstar2FA PhaaS platform last month, according to BleepingComputer

Cisco has disclosed plans to purchase Virginia-based threat detection and defense firm SnapAttack as part of its efforts to bolster threat-informed defenses across enterprises..

Growing hesitancy and challenges in conducting immediate intrusion assessments necessary to avoid penalties from the SEC have led to materiality being detailed in only a tenth of incident disclosures this year.