Security Bulletin

After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private industry.

Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.

Russia-aligned groups are probable culprits behind the wiper attacks against renewable energy farms, a manufacturer, and a heating and power plant.

Remote monitoring and management (RMM) software offers hackers multiple benefits, including stealth, persistence, and operational efficiency.

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

The GS7 cyberthreat group targets US financial institutions with near-perfect imitations of corporate portals to steal credentials and gain remote access.

30 copycat apps tricked users, and Google itself, into thinking they're legitimate AI tools.

Zscaler's acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks are also investing in secure browser technologies.

Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight.

Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors’ networks.

As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified attack surface.

It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication controls, one expert says.