Security Bulletin

Adam Meyers, senior vice president of counter-adversary operations at CrowdStrike says manual attacks, which involve direct interaction with compromised systems rather than relying on malware or automated tools, are gaining traction among...

The vulnerability, tracked as CVE-2024-44131, was discovered in the FileProvider component and has been fixed in iOS 18, iPadOS 18, and macOS Sequoia 15 through improved validation of symbolic links.

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.

Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability.

Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.

Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites.

The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.

A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk.

Existing tools bury analysts in data – we need a proactive approach focused on prevention, not just detection.

The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.

A 32-year-old was sentenced on criminal hacking charges related to a data-stealing malware operation.

The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language.