Security Bulletin

A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.

In a seven-page strategy document, the Trump administration signaled a shift to preemption and deterrence to handling cyber threats.

A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.

An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying.

Cylake's platform will analyze security data locally and identify potential attacks for organizations concerned about data sovereignty.

DPRK worker scams are old hat, but they're still working, thanks to AI tools that help with everything from face swapping to daily emails.

The European Union is taking new precautions as climate change and cybersecurity threats rise across the automotive industry.

Iran has been hacking IP cameras to plan missile strikes against its enemies, and mounting other attacks on physical assets, showing how cyber and kinetic warfare are fast becoming one in the same.

Using Anthropic's Claude, OpenAI's ChatGPT, and a detailed playbook prompt, a handful of cyberattackers reportedly gained access to government agencies and its citizens' data.

Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.

The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.

Edge bugs are so fetch, and Cisco just dropped 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.