Security Bulletin

Company urges organizations using self-hosting GitLab instances to apply updates for CVE-2024-45409 as soon as possible.

Inc ransomware — one of the most popular among cybercriminals today — meets healthcare, the industry sector most targeted by RaaS.

US ports rely on cranes manufactured by a Chinese state-owned company, many with unmonitored cellular connections, causing cybersecurity concerns.

The tactics used by Vanilla Tempest such as lateral movement via RDP are not novel – but attacks on healthcare by yet another ransomware strain complicates the picture.

The first patch lets threat actors with low-level credentials still exploit the vulnerability, while the second fully resolves the flaw.

As organizations invest in AI copilots, we ask: what features make them truly impactful?

Once a user's device is infected as part of an ongoing Flax Typhoon APT campaign, the malware connects it to a botnet called Raptor Train, initiating malicious activity.

By enhancing threat detection, enabling real-time risk assessment, and providing predictive insights, AI is empowering organizations to build more robust defenses against cyber threats.

Eliminating XSS flaws requires written threat model and code reviews, adversarial product testing, and advanced web frameworks for appropriate escaping or quoting, said the agencies in a joint alert.