Security Bulletin

The attacks on retailers won’t stop any time soon – here are five ways to get ready.

AI tools shook up development. Now, product security must change too.

Apex will enhance Tenable's AI Aware tool by mitigating the threats of AI applications and tools not governed by organizations, while enforcing existing security policies.

The rate of compensation gains has slowed from the COVID years, and budgets remain largely static due to economic fears, but CISOs are increasingly gaining executive status and responsibilities.

The software company, which specializes in remote IT management, said a "sophisticated nation state actor" was behind the attack but provided few details.

Infosecurity Magazine reports that cybersecurity budgets' percentage of annual organizational spending has declined from 1.1% to 0.6% during the last two years, even though cybersecurity has provided $36 million for every enterprise-wide initiative...

Microsoft has advised Authenticator app users regarding the deprecation of the app's password autofill functionality beginning in July, which should prompt usage of Microsoft Edge instead, BleepingComputer reports.

More than 90% of the top 1.8 million email domains worldwide could be compromised in spoofing attacks, as only 7.7% of the said domains have adopted the most extensive Domain-based Message Authentication, Reporting, and Conformance policy dubbed 'p...

Cybernews reports that Kaiser Permanente, the largest health plan provider in the U.S., has attributed sweeping system outages on Wednesday that prevented electronic health records access and patient care services across several of its locations to...

Brazil-based Unimed, which is the largest healthcare cooperative worldwide, had at least 14 million patient conversations with doctors and its chatbot "Sara" leaked by an unsecured instance of the open-source real-time data transmission platform...

Cyber Security News reports that malicious actors could exploit a new low-severity vulnerability in Apache Tomcat's CGI servlet, tracked as CVE-2025-46701, to circumvent security configuration under certain conditions.

Apple's Safari web browser was discovered to have a Fullscreen API security issue, which could be abused to enable fullscreen browser-in-the-middle intrusions concealing the address bar of the parent window, reports BleepingComputer.