Security Bulletin

It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.

Claude Code's introduction rippled across the stock market, but researchers and analysts say its impact was overstated, as they peel back the layers.

A Nemzetbiztonsági Szakszolgálat Nemzeti Kiberbiztonsági Intézet (NBSZ NKI) riasztást ad ki a Cisco Catalyst SD-WAN Controller (korábban vSmart) és a Cisco Catalyst SD-WAN Manager (korábban vManage) rendszereket érintő, CVE-2026-20127 azonosítón...

When a company gets breached through a third-party security vendor, who should bear responsibility? For one FinTech company, the answer is the firewall provider.

The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind.

A Chinese keyboard warrior inadvertently leaked information about politically motivated influence operations through a ChatGPT account.

The vulnerabilities highlight a big drawback to integrating AI into software development workflows and the potential impact on supply chains.

Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves.

The PCI Security Standards Council experienced a record year in many regards, but its first annual report shows it needs to work even faster to stay ahead of attackers.

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent access to infected machines.

Attackers are bypassing email gateways through telephone-oriented attack delivery (TOAD), in which the only email payload is a phone number.

ICS/OT experts have devised a scoring system for rating the severity and effects of cybersecurity events in operational technology environments.