Security Bulletin

"Broadside" is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.

Software teams at Google and other Rust adopters see safer code when using the memory-safe language, and also fewer rollbacks and less code review.

Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn't a good idea.

Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.

A maximum-severity vulnerability affecting the React JavaScript library has been exploited in the wild, further stressing the need to patch now.

As quantum quietly moves beyond lab experiment and into production workflows, here's what enterprise security leaders should be focused on, according to Lineswala.

Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference.

When hiring a CISO, understand the key difference between engineering and holistic security leaders.

State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.

Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure.

The deal, believed to be valued at $1 billion, will bring non-human identity access control of agents and machines to ServiceNow’s offerings including its new AI Control Tower.

It's the best deal going in cybercrime: fully compromised websites belonging to high-value organizations, for just a couple hundred bucks each.