Security Bulletin

Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.

Two attacks on Qatari entities signal a shift in focus for China-backed actors and demonstrate how quickly they can pivot in response to geopolitical events.

Data centers — used by both governments and militaries for operations — are now fair game, not just for cyberattacks, but for kinetic attacks as well.

For a change, there's little in this month's Patch Tuesday that should cause panic, according to security experts.

Some customers have mishandled guest user configurations otherwise intended to allow third-party access to important — and sensitive — client data.

After several years of using simple implants, the Russia-affiliated actor is back with two new sophisticated malware tools.

A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.

In a seven-page strategy document, the Trump administration signaled a shift to preemption and deterrence to handling cyber threats.

A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.

An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying.

Cylake's platform will analyze security data locally and identify potential attacks for organizations concerned about data sovereignty.

DPRK worker scams are old hat, but they're still working, thanks to AI tools that help with everything from face swapping to daily emails.