Security Bulletin

The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape.

Signal was claimed to have been ignoring the country's requests for cooperation.

Garantex had its websites sequestered as part of a joint U.S. and European law enforcement clampdown.

MongoDB credentials accounted for most of the secrets exposed on public GitHub repositories.

Open-source AI models could be stealthily compromised through the exploitation of 4 security issues.

Initial attacks involved the utilization of the PipeMagic backdoor to distribute the exploit.

Several SSRF flaws have been concurrently abused by over 400 IP addresses.

Attacks by Medusa involved the enlistment of initial access brokers who are paid $100 to $1 million.

Littleton Electric Light and Water Departments was compromised for over 300 days in 2023.

UNC3886 targeted the outdated Juniper routers to deploy the Medusa and Reptile rootkits.

The new The F5 Application Delivery Controller and Security Platform combines BIG-IP, NGNIX and Distributed Cloud Services and new AI Gateway and AI Assistants.

Researchers from Symantec showed how OpenAI's Operator agent, currently in research preview, can be used to construct a basic phishing attack from start to finish.