Security Bulletin

Mounting economic uncertainty brought upon by President Donald Trump's tariffs on all goods imported to the U.S. are expected by Tenable co-CEO Steve Wintz to fuel more illicit cyber activity from its adversaries, Nextgov/FCW reports. "There's a...

Infosecurity Magazine reports that Washington State K-12 school district Highline Public Schools has acknowledged having had sensitive information from its students and faculty members stolen following a ransomware attack in September that resulted...

Officials at Texas' City of Lubbock have confirmed that data from 12,503 individuals have been compromised following a cyberattack against its utility payment website, according to The Record, a news site by cybersecurity firm Recorded Future.

South Korean artificial intelligence firm AI-NOMIS had 47.8 GB of data with 93,485 explicit AI-generated images depicting underage individuals and JSON files belonging to its AI image generator platform GenNomis inadvertently exposed by a...

BleepingComputer reports that Amazon Web Services, Google, Microsoft Azure, Hadoop, and other big data platforms could be subjected to significant compromise through the exploitation of a maximum-severity remote code execution vulnerability impacting...

Nearly 50 online merchants have already been compromised in intrusions exploiting Stripe's legacy application programming interface "api.stripe[.]com/v1/sources" for payment data validation part of an advanced web skimmer campaign that has been...

Exposed SpotBugs token caused GitHub supply chain intrusion, report finds More than 200 GitHub repositories had their secrets exposed in a supply chain attack against tj-actions/changed-files that was originally aimed at major U.S. cryptocurrency...

Attacks with the nascent Wrecksteel malware were disclosed by Ukraine's Computer Emergency Response Team to have been launched by the UAC-0219 hacking operation against the country's government entities and critical infrastructure organizations last...

Hackread reports that U.S. cloud communications firm Twilio has dismissed the purported breach of its platform and its cloud-based email delivery subsidiary SendGrid after the threat actor "Satanic" claimed to exfiltrate data from 848,960 SendGrid...

Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.

At least three major energy solution and renewable energy companies have nearly 50 vulnerabilities — many of them "basic" mistakes — indicating a lack of developed cybersecurity safeguards.

A previously unknown remote code execution vulnerability in the Ivanti Connect Secure VPN platform is being actively exploited in the wild by Chinese threat actors, prompting alerts from Google’s Mandiant team