Security Bulletin

Flaw could let attackers escalate privileges on popular Google Android and Pixel devices.

Riding the wave of notoriety from the Chinese company's R1 AT chatbot, attackers are spinning up lookalike sites for different malicious use cases.

CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.

The Institute for Critical Infrastructure Technology (ICIT) Digital Consolidation Risk and National Security briefing addresses the growing risks associated with IT and cybersecurity consolidation. The briefing showcases the findings and...

The Institute for Critical Infrastructure Technology (ICIT) Digital Consolidation Risk and National Security briefing addresses the growing risks associated with IT and cybersecurity consolidation. The briefing showcases the findings and...

The SaaS pricing model often excludes small businesses by charging a premium for core security features – that must change.

Multiple aliases have been leveraged by the hacker in conducting intrusions against the United Nations, the International Civil Aviation Organization, the Guardia Civil, and other public and private entities, which had their data stolen and sold in...

Such a vulnerability — which stems from a USB Video Class driver out-of-bounds write issue that could be exploited for privilege escalation — may have been used by forensic data extraction tools, according to the GrapheneOS development team.

The Dallas suburb noted in an online notice that the incident resulted in the compromise of names, addresses, Social Security numbers, credit card details, driver's license numbers, medical insurance data, and financial account details.

Information exposed by the incident included names, birthdates, email addresses, and employment history, said ICAO in an updated statement that emphasized the delivery of breach notices to impacted individuals.

Attacks commenced with the delivery of phishing emails with a Dropbox link that downloads a ZIP archive containing an internet shortcut file with a TryCloudflare URL that fetches an LNK file for further compromise, a report from Forcepoint X-Labs...

After luring targets into providing their curriculum vitae or GitHub link for fake cryptocurrency, finance, or travel job offers, attackers proceed to share a malicious repository with the project's "minimum viable product," which executes nefarious...