Security Bulletin

Internal and external cybersecurity experts have immediately acted to investigate and address the incident upon its discovery, said Krispy Kreme in a filing with the Securities and Exchange Commission.

Aside from exploiting a domain generation algorithm and conducting environment checks to prevent execution on other systems, the newly discovered Zloader variant has also been spread through the GhostSocks payload as part of an updated attack chain...

Intrusions involved the exploitation of trusted domains, such as Adobe.com and Google AMP, to evade detection, according to a report from Group-IB.

Security isn't just about tools — it's about understanding how the enemy thinks and why they make certain choices.

Attackers using U.S., Canadian, Moldovan, Lithuanian, and Dutch IP addresses targeted vulnerable Cleo LexiCom, Harmony, and VLTrader instances to facilitate the writing of new files into the targeted endpoints' autorun directory, triggering the...

The feature was rarely effective at blocking tracking and is succeeded by the Global Privacy Control, according to Mozilla.

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.

Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.

Oasis researchers say they reported the bug in June – and Microsoft patched it in October.

Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach.

The U.S. Department of Justice offers $10 million for information leading to arrest of hacker.

A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.