Security Bulletin

FedScoop reports that the U.S. Department of Commerce's Bureau of Industry and Security was discovered by the department's Office of Inspector General to have subpar cybersecurity threat detection and response capabilities.

The U.S. Securities and Exchange Commission has withdrawn proposed Biden-era cybersecurity rules that would have mandated investment firms and advisors to establish cyber risk-addressing policies and disclose significant cyber incidents over the past...

Attackers could achieve escalated SYSTEM privileges on Windows machines through the exploitation of a high-severity ASUS Armoury Crate system management software vulnerability, tracked as CVE-2025-3464, BleepingComputer reports.

Updates have been issued by Tenable to address a trio of high-severity security issues impacting its Nessus vulnerability scanner for Windows, reports Infosecurity Magazine.

TechCrunch reports that leading North American grocery wholesaler United Natural Foods, Inc., has disclosed significant progress in restoring its electronic ordering systems following a cyberattack nearly two weeks ago, which has led to food...

Though its operations are running smoothly, the airline warned customers and employees to exercise caution when sharing personal information online.

CISA issued a handful of alerts to address vulnerabilities in 10 industrial control appliances.

GrayAlpha uses custom loaders to deploy the NetSupport RAT backdoor.

Unlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks.

When security becomes a performance, the fallout isn’t just technical, it’s organizational.

The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said.

Bad package takes aim at AI apps that contain MacOS data, CI/CD pipelines, and AWS tokens.