Security Bulletin

Cyberthreat groups increasingly see small and medium-sized businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services.

Cybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession.

The vulnerability is only found in the vendor's router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.

The AI security race is on — and it will be won where defenders come together with developers and researchers to do things right.

SiliconAngle reports that Cy4Data Labs, a California-based data protection startup, has obtained $10 million from its initial funding round, which will be allocated toward bolstering sales and marketing for its Cy4Secure data security solution that...

U.S. Office of Management and Budget Director Russell Vought has been urged by a group of 48 House Democrats to provide more details regarding unauthorized artificial intelligence usage by the Elon Musk-led Department of Government Efficiency...

Bruce Schneier on security theater, AI snake oil, and the limits of cryptographic morality.

Cybernews reports that dark web marketplace Nemesis Market had its founder Behrouz Parsarad indicted by the U.S.

Alleged SmokeLoader botnet operator Nicholas Moses, also known as "scrublord", has been charged by federal prosecutors with a count of conspiracy to commit fraud and other computer-related activity over the compromise of more than 65,000 individuals'...

ASUS has disclosed that its routers with the AiCloud feature activated are affected by the critical authentication bypass vulnerability, tracked as CVE-2025-2492, which could be leveraged to facilitate unauthorized function execution, Security...

BleepingComputer reports that Google was discovered by Ethereum Name Service lead developer Nick Johnson to have had an OAuth vulnerability leveraged to facilitate the delivery of a bogus email purporting to be a security alert from the company with...

Android devices have been targeted with the new SuperCard X malware-as-a-service platform to pilfer funds from payment cards as part of a new scam that also involves social engineering and NFC exploitation, according to The Record, a news site by...