Security Bulletin

The untapped risks of non-human identities and the growing security challenge they represent to business.

Updates have been issued by Splunk to address over 15 vulnerabilities impacting its products and third-party dependencies, the most serious of which is the high-severity deserialization of untrusted data bug in Secure Gateway, tracked as CVE-2024...

"Based on available data, critical power supply systems have not been affected and are operational, and the investigation is currently ongoing. In the event of a ransomware infection, the Directorate strongly recommends that no one pay the ransom...

Internal and external cybersecurity experts have immediately acted to investigate and address the incident upon its discovery, said Krispy Kreme in a filing with the Securities and Exchange Commission.

Aside from exploiting a domain generation algorithm and conducting environment checks to prevent execution on other systems, the newly discovered Zloader variant has also been spread through the GhostSocks payload as part of an updated attack chain...

Intrusions involved the exploitation of trusted domains, such as Adobe.com and Google AMP, to evade detection, according to a report from Group-IB.

Security isn't just about tools — it's about understanding how the enemy thinks and why they make certain choices.

Attackers using U.S., Canadian, Moldovan, Lithuanian, and Dutch IP addresses targeted vulnerable Cleo LexiCom, Harmony, and VLTrader instances to facilitate the writing of new files into the targeted endpoints' autorun directory, triggering the...

The feature was rarely effective at blocking tracking and is succeeded by the Global Privacy Control, according to Mozilla.

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.

Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.

Oasis researchers say they reported the bug in June – and Microsoft patched it in October.