Security Bulletin

The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang.

Pwn2Own Ireland kicked off on Oct. 21. What researchers found continues to highlight how secure development practices are lacking across the industry.

The goal is to apply psychology principles to security training to change behaviors and security outcomes.

Researchers find it takes far less to manipulate a large language model's (LLM) behavior than anyone previously assumed.

Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets.

NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.

Thanks to improving cybersecurity and law enforcement action from the West, Russia's government is reevaluating which cybercriminals it wants to give safe haven from the law.

The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros.

People habitually ignore cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half.

After a particularly gruesome murder, South Korea issues "code black" travel ban for several regions in Cambodia, while other nations urge more raids.

Interference with the global positioning system (GPS) isn't just a problem for airlines, but for shipping, trucking, car navigation, agriculture, and even the financial sector.

Fraudsters are using generative AI to generate fake music and boost the popularity of the fake content.