Security Bulletin

At RSAC 2025, experts say Secure by Design is delivering real wins — yet unchecked development speed and supply chain risks still threaten progress.

CyberArk researchers studied how specific neurons and layers of LLM architecture respond to prompts.

Details are scarce, so security experts say jumping to conclusions on who executed the alleged cyberattack is premature.

Campaigns lure victims with rewards in exchange for handing over their personal information.

The FBI has sought public information that would help identify Chinese state-backed Salt Typhoon hackers, reiterating an up to $10 million bounty from the U.S. State Department's Rewards for Justice Program for any details that would help in the...

Reuters reports that the U.S.'s cybersecurity defenses were regarded by former Cybersecurity and Infrastructure Security Agency Director Jen Easterly to be increasingly vulnerable against threats following President Donald Trump's retaliatory actions...

Critical Planet Technology switch vulnerabilities pose total takeover risk Total network device compromise is possible with attacks exploiting critical flaws impacting Planet Technology's network management systems and switches, reports Hackread.

Organizations using Ivanti Connect Secure and Pulse Secure VPN systems have been urged to update their instances following a ninefold increase in suspicious IP scanning activity recorded on Apr. 18, The Register reports.

Threat actors have been combining a pair of critical Craft CMS vulnerabilities to facilitate server compromise as part of ongoing attacks, according to BleepingComputer.

Security Affairs reports that cloud tenants in the education industry have been targeted by the Storm-1977 threat operation in password spraying attacks that facilitated cryptomining activities during the past 12 months.

Initial access broker ToyMaker has been providing Cactus ransomware gang and other double extortion threat operations access to compromised systems, The Hacker News reports.

TikTok had its user database claimed to have been stolen by the R00TK1T hacking collective, which has already posted a sample of credentials belonging to 972,000 users, according to GBHackers News.