Security Bulletin

The sweeping new regulations show that China's serious about hardening its own networks after launching widespread attacks on global networks.

Phantom Taurus demonstrates a deep understanding of Windows environments, including advanced components like IIServerCore, a fileless backdoor that executes in memory to evade detection.

A sophisticated new banking malware is hard to detect, capable of stealing lots of money, and infecting thousands of people in Italy and Spain.

A seemingly benign privilege-escalation process in VMware and other software has likely benefited attackers and other malware strains for years, researchers noted.

Agentic AI has introduced abundant shadow artificial intelligence (AI) risks. Cybersecurity startup Entro Security extends its platform to help enterprises combat the growing issue.

Flaws in individual models of Google's AI suite created significant security and privacy risks for users, demonstrating the need for heightened defenses.

A researcher-developed framework could enable attackers to conduct real-time conversations using simulated audio to compromise organizations and extract sensitive information.

The Internet of Things (IoT) has made everything more interconnected than ever, but an important US government security initiative is stuck in limbo even as threat actors step up attacks on everything from medical gear to printers.

The first known malicious MCP server is an AI integration tool that automatically sends email such as those related to password resets, account confirmations, security alerts, invoices, and receipts to threat actors.

Akira ransomware actors are currently targeting SonicWall firewall customers vulnerable to a bug discovered last year.

Attackers impersonate the National Police of Ukraine to deploy Amatera Stealer and PureMiner, using malicious Scalable Vector Graphics to trick victims.

A Nemzeti Kiberbiztonsági Intézet riasztást ad ki a Cisco ASA/FTD tűzfalakat érintő, több – közülük kettő aktívan kihasznált – sérülékenység, valamint a sebezhető eszközök elleni aktív kibertámadási hullám kapcsán. A kampány célzottan az ASA/FTD...