Security Bulletin

Internet Archive's latest breach was noted by the threat actor to have stemmed from the digital library nonprofit's failure to rotate its authentication tokens.

Initial access in a pair of intrusions part of the attack campaign involved Crypto Ghouls utilizing a VPN and a contractor's login credentials, followed by the exploitation of NSSM and Localtonet for remote access.

Malicious emails alerting of state-sponsored intrusions have been sent to lure organizations' cybersecurity teams into downloading the fraudulent "ESET Unleashed program," which features several ESET DLLs and would enable file and data deletion upon...

Okta brought its partners to Las Vegas for the annual Oktane conference. Here are the highlights.

For CISOs to keep the board apprised of the potential risks from a breach, they’ll need the security equivalent of the GAAP accounting standards.

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

The European Union adopted a new law setting EU-wide cybersecurity requirements for connected devices to ensure their safety.

The experimental SQL Expressions feature contains a flaw due to insufficient query sanitization.

Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.

Microsoft warns users to patch the HM Surf flaw because Defender detected it was actively exploited.

Adoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.

The security firm is denying an assessment that its systems were compromised in Israel by pro-Palestinian cyberattackers, but acknowledged an attack on one of its partners.