Security Bulletin

Attacks with the chained vulnerabilities have been thwarted by three organizations, with the first preventing compromise following sysadmin identification of suspicious user accounts and the second averting the breach after an endpoint protection...

Attackers who made fraudulent but verified Ross Ulbricht accounts on X, formerly Twitter, sought to lure users into joining Telegram channels purporting to be Ulbricht portals, which provided a walk through on the bogus Safeguard identity...

Execution of a trojanized installer triggers deployment of a loader with another DLL eventually resulting in the running of SlowStepper, which supports commands enabling extensive system info theft, file deletion, Python module execution, and self...

The AI-powered work platform helps organizations securely identify and access internal enterprise data as part of business processes and workflows.

The rush to say "yes" allows cybersecurity teams to avoid hard conversations with business stakeholders but also risks losing their ability to effectively protect organizations.

The new administration moved quickly to remove any constraints on AI development and collected $500 billion in investment pledges for an American-owned AI joint venture.

Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea.

The pardon comes after 11 years in prison for Ross Ulbricht, who was sentenced to life without parole on several charges, including computer hacking, distribution of narcotics, and money laundering.

The vulnerability could enable attackers to use nested archives to bypass Windows security warnings.

Attackers drop infostealer malware that grabs credentials, web browser data, and crypto wallets.

The flurry of non-human identity attacks at the end of 2024 demonstrates extremely strong momentum heading into the new year. That does not bode well.