Security Bulletin

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

The program seeks to adapt frameworks such as the NIST Cybersecurity Framework to address AI use.

Security tools from Crowdstrike, SentinelOne and Microsoft affected by latest Apple update.

With the landscape for compliance evolving at a rapid pace, companies will need to adapt to new challenges and circumstances in the coming year.

Critical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.

The company announced an update to its privacy policy, acknowledging it is using customer data to train its AI models.

The lack of abundant data on AI-enabled attacks in official reports shouldn't prevent us from preparing for and mitigating potential future threats.

Under the FOCAL plan, federal agencies have been urged to prioritize asset management, vulnerability management, defensible architecture, cyber supply chain risk management, and incident detection and response, as well as adhere to alignment goals...

Most recent of the newly added vulnerabilities is a critical remote command execution issue in Apache HugeGraph-Server, tracked as CVE-2024-27348, which could be leveraged to facilitate sandbox restriction evasion.