Security Bulletin

Inc ransomware — one of the most popular among cybercriminals today — meets healthcare, the industry sector most targeted by RaaS.

US ports rely on cranes manufactured by a Chinese state-owned company, many with unmonitored cellular connections, causing cybersecurity concerns.

The tactics used by Vanilla Tempest such as lateral movement via RDP are not novel – but attacks on healthcare by yet another ransomware strain complicates the picture.

The first patch lets threat actors with low-level credentials still exploit the vulnerability, while the second fully resolves the flaw.

As organizations invest in AI copilots, we ask: what features make them truly impactful?

Once a user's device is infected as part of an ongoing Flax Typhoon APT campaign, the malware connects it to a botnet called Raptor Train, initiating malicious activity.

By enhancing threat detection, enabling real-time risk assessment, and providing predictive insights, AI is empowering organizations to build more robust defenses against cyber threats.

Eliminating XSS flaws requires written threat model and code reviews, adversarial product testing, and advanced web frameworks for appropriate escaping or quoting, said the agencies in a joint alert.

For China, cyberattacks are a way to slowly degrade the U.S. manufacturing sector before actual hostilities break out.

Aside from determining the most invaluable ransomware disruption metrics, the Justice Department should also establish a ransomware action plan for the next two years, as well as work to resolve the infighting between various law enforcement agencies...

Included among the files in the unsecured 193 GB database were information regarding fuel and petroleum shipments, invoices, and delivery tickets to and from companies, pipelines, and industries across several states, including California, Colorado...