Security Bulletin

Infiltration of a Michigan Medicine employee account through a malicious multi-factor authentication prompt has enabled attackers to access and exfiltrate emails containing patients' names and medical record numbers, as well as diagnostic or...

As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.

Attackers distributed phishing emails with malicious file download links to facilitate compromise with SnipBot, which includes support for more commands than the previous iteration of RomCom RAT.

Intrusions by Kimsuky involved the delivery of spear-phishing emails luring ZIP file downloads and malicious file extraction to facilitate the deployment of the payloads, which are suspected to be of the same author due to source code similarities.

Thousands of Ukrainian devices have been compromised by Gamaredon between 2022 and 2023, primarily through spear-phishing campaigns, an analysis from ESET showed.

Both exchanges are associated with Russian Sergey Sergeevich Ivanov, also known as Taleon, who has allegedly provided money laundering services to threat actors in the last 20 years.

These five best practices are the blocking and tackling of network data security that never go out of style.

More than half of employees report receiving no training on secure AI use.

In Putin’s Russia, Google regulates you.

The number of memory bugs in Android declined sharply after Google began transitioning to Rust for new features in its mobile OS.