Security Bulletin

Attacks with the nascent Wrecksteel malware were disclosed by Ukraine's Computer Emergency Response Team to have been launched by the UAC-0219 hacking operation against the country's government entities and critical infrastructure organizations last...

Hackread reports that U.S. cloud communications firm Twilio has dismissed the purported breach of its platform and its cloud-based email delivery subsidiary SendGrid after the threat actor "Satanic" claimed to exfiltrate data from 848,960 SendGrid...

Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.

At least three major energy solution and renewable energy companies have nearly 50 vulnerabilities — many of them "basic" mistakes — indicating a lack of developed cybersecurity safeguards.

A previously unknown remote code execution vulnerability in the Ivanti Connect Secure VPN platform is being actively exploited in the wild by Chinese threat actors, prompting alerts from Google’s Mandiant team

Beginning on May 5, the tech giant will enforce new email authentication protocols for Outlook users who send large volumes of email.

Sites mimicking DeepSeek, AutoCAD, UltraViewer and more lead to remote system access.

The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution.

CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that's currently under attack.

Fast flux lets attackers set up complete C2 ops inside an enterprise network, prompting security pros to say it’s a “big-time wakeup call.”

The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones.