Security Bulletin

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows.

Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.

In this webcast, Adrian Sanabria, host of the Enterprise Security Weekly podcast, and Jack Carraway, Field CISO at Dataminr, discuss the growing importance of third-party risk management and how organizations can leverage AI and public data to gain...

In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts.

Europol leads 15-nation effort to neutralize attacks before the Christmas holidays go into full swing.

The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn't enforced them. It's unclear if they will help.

The untapped risks of non-human identities and the growing security challenge they represent to business.

Updates have been issued by Splunk to address over 15 vulnerabilities impacting its products and third-party dependencies, the most serious of which is the high-severity deserialization of untrusted data bug in Secure Gateway, tracked as CVE-2024...

"Based on available data, critical power supply systems have not been affected and are operational, and the investigation is currently ongoing. In the event of a ransomware infection, the Directorate strongly recommends that no one pay the ransom...