Security Bulletin

SafeBreach argues that Microsoft’s narrow definition of a flaw leaves the Windows kernel open to attacks.

Posing as an application used to locate Ukrainian military recruiters, a Kremlin-backed hacking initiative delivers malware, along with disinformation designed to undermine sign-ups for soldiers in the war against Russia.

LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.

At the Audit + Beyond Conference, professionals from audit, compliance, and IT security gathered to emphasize that AI is transforming risk management.

Such features, which have been implemented across all versions of Cisco ASA and FTD this month, ensure protection against continuous failed remote access VPN service authentication attempts.

Aside from implementing tougher quality assurance processes and improving vulnerability detection, software makers should also conduct phased rollouts and establish mechanisms for continuous feedback.

Investigation into the attack, which prompted the activation of backup systems to ensure the continued operations of northern and central Mexico airports..

CrowdStrike dismissed such assertions. "Delta's claims are based on disproven misinformation, demonstrate a lack of understanding of how modern cybersecurity works..."

After being targeted through masscan and ZGrab, unauthenticated Docker API endpoints have been exploited by TeamTNT.

Relying on EOL software leaves critical systems exposed — making it a problem no business can afford to ignore.

Disconnected data hurts cybersecurity by preventing clear, real-time insights.

The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.