Security Bulletin

Such an incident — which comes within six months of separate crypto heists against fellow Singaporean cryptocurrency platforms BingX and Penpie — showcased levels of sophistication that could have only been conducted by North Korean threat actors...

After leveraging a vulnerability and the privilege escalation tools PsExec and JuicyPotato to gain SYSTEM access on targeted devices, Andariel stealthily established a low-privilege local user before altering the Security Account Manager registry to...

After infiltrating ESXi instances by leveraging known vulnerabilities or stolen admin credentials, ransomware gangs proceed to utilize the built-in SSH service to facilitate lateral movement and ransomware delivery without being detected, according...

The number of CISOs who report directly to the CEO is up sharply in recent years, but many still say it's not enough to secure adequate resources.

CISA warned that attackers are chaining a number of CVE-listed vulnerabilities into a single exploit script.

Nearly 1,000 imitation pages were discovered, targeting users looking for other software.

A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.

Small and midsize companies tend not to check for NAS updates, so customers advised to patch right away.

The MITRE framework's applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.

The bug has been given a 9.9 CVSS score, and could allow authenticated threat actors to escalate their privileges to admin-level if exploited.