Security Bulletin

Aside from primarily leveraging basic usernames for their accounts, organizations impacted by ransomware intrusions from July to September — including those in the government and healthcare industries — also mostly failed to implement multi-factor...

Data within the unsecured database included military personnel and their supporters' full names, images, mailing addresses, locations, images, Social Security numbers, and National Insurance numbers, a report by cybersecurity researcher Jeremy Fowler...

Numerous cybersecurity-related measures have been advanced by the Senate Homeland Security and Governmental Affairs Committee, led by the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, which would mandate the adoption of...

Included in the Phobos-hit organizations that paid a ransom were a California public school system, a North Carolina children's hospital, a Maryland-based accounting and consulting service provider, and health organizations in Pennsylvania and...

MITRE has regarded cross-site scripting flaws as the most common and severe software vulnerabilities this year, followed by out-of-bounds write, SQL injection, cross-site request forgery, and path traversal issues.

Attacks involving Ghost Tap commence with the compromise of payment card data and one-time passwords for virtual wallets, which are then delivered by a relay server to money mules who could withdraw the funds without being easily detected...

Intrusions by Liminal Panda, which had some components resembling those leveraged in LightBasin attacks, involved the utilization of the SIGTRANslator Linux ELF binary, network-scanning CordScan utility, and the PingPong backdoor, according to an...

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack.

When a cybersecurity incident occurs, it's not just IT systems and data that are at risk — a company's reputation is on the line, too.

Google’s move will spur other providers to encourage MFA – and that’s a positive development for our industry.

A Nemzetbiztonsági Szakszolgálat Nemzeti Kibervédelmi Intézet (NBSZ NKI) riasztást ad ki kritikus kockázati besorolású sérülékenységekről Palo Alto tűzfalak, VMware vCenter szerverszoftverek, valamint a Fortinet VPN klienst érintően, a termékek...

The five vulnerabilities could lead to local privilege escalation without user interaction.