Security Bulletin

Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things' attack surfaces more dangerous.

Survey underscores the reality that scammers follow "scalable opportunities and low friction," rather than rich targets that tend to be better protected.

A convincing presale site for phony "Google Coin" features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers.

CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.

How I realized what I was taught to about threat intelligence was missing something crucial.

A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.

Discover a strategic approach to govern scraping risks, balance security with business growth, and safeguard intellectual capital from automated data harvesting.

After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private industry.

Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.

Russia-aligned groups are probable culprits behind the wiper attacks against renewable energy farms, a manufacturer, and a heating and power plant.

Remote monitoring and management (RMM) software offers hackers multiple benefits, including stealth, persistence, and operational efficiency.

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.