Security Bulletin

With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover or targeted social engineering.

Three of those zero-days are security feature bypass flaws, which give attackers a way to slip past built-in protections in multiple Microsoft products.

CISOs should focus on harnessing and securing AI and building new skills among their people. Vision and change management can transform security.

How a platform engineering team embeds supply chain security into infrastructure without slowing developers.

The acquisition allows the credit reporting agency to add SMS spam and scam prevention to its robocall blocking capabilities.

The ransomware group breached SmarterTools through a vulnerability in the company's own SmarterMail product.

Ironically, security by obscurity has helped prevent dangerous OT attacks in recent years. It won't be that way forever.

The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces.

Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta's ransomware, illustrating the increasing popularity of the defense-evasion technique.

Ask the Expert: Organizations need to close the ownership vacuum, establish durable security controls, and ensure printers are protected as rigorously as other endpoints.

The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption (E2E) by default across their services, as privacy concerns mount amid increased AI use.

Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify.