Security Bulletin

We are excited to introduce LLMail-Inject, a new challenge focused on evaluating state-of-the-art prompt injection defenses in a realistic simulated LLM-integrated email client. In this challenge, participants assume the role of an attacker who sends...

The major USAID contractor says unauthorized access continued up to 25 days after the intrusion was first detected.

Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law.

From phishing traps to third-party risks, these hard-hitting insights reveal what went wrong—and how to fortify your identity defenses for the future.

Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.

A notorious Kremlin-backed hacking group is using a legitimate network service to coordinate targeted attacks.

While BT Group emphasized that only its BT Conferencing platform had been subjected to an attempted compromise that did not affect its other services, Black Basta claimed to have exfiltrated 500 GB of data from the firm's servers, including user...

A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there's a workaround.

After achieving initial access to a Storm-0156 C2 server in December 2022, Turla sought to take over more of the Pakistani threat operation's C2s to compromise Afghan government organizations' networks with the TwoDash downloader and Statuezy trojan.

"We wanted to make sure we did it before the holidays, so we could start writing out how we think about the problem, and then ultimately, what are the key recommendations that we need to bring forward to enable us to strengthen the security of the...

At least 17 affiliate groups have used the "DroidBot" Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn.

The offerings are AI cybersecurity assistant BIX, Cyber Risk Assessments, a one-time AI-powered vulnerability evaluation, and a continuous threat and exposure management platform called D3.