Security Bulletin

Google addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced "QuickShell" silent RCE attack chain against Windows users.

While Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm over a series of high-risk vulnerabilities present in industrial control systems

By using fake references and building connections with recruiters, some North Korean nationals are landing six-figure jobs that replenish DPRK coffers.

The IT service management and observability tools company acquired Squadcast last month and is adding the automated incident response platform to the SolarWinds portfolio.

Twenty bugs in GRUB2, U-boot and Barebox were found in an AI-assisted process.

While the House Committee on Government Reform was looking for retaliatory options, cybersecurity experts pointed them toward building better defenses.

Merchants and retailers will now face penalties for not being compliant with PCI DSS 4.0.1, and the increased security standards make it clear they cannot transfer compliance responsibility to third-party service providers.

The bad actor’s TTPs closely align to the Storm-1811 threat group identified last year by Microsoft, say Ontinue researchers.

The US military and law enforcement learned to outthink insurgents. It's time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework.

Cybercrime has surged, with the FBI receiving over 800,000 complaints that resulted in $12.5 billion in losses, including more than $1 billion in Texas alone, according to a report by MRT.

Automotive cyberattacks have caused tens of billions in damages from 2022 to 2024, highlighting escalating threats to vehicle security, according to a study by cybersecurity firm VicOne, Repairer Driven News reports.