Security Bulletin

Misconfigurations expose DevOps tools to malicious deployment of XMRig.

Edge computing and stricter regulations could usher in a new era of AI privacy.

The Emergency Management and Response - Information Sharing and Analysis Center provided essential information to the emergency services sector on physical and cyber threats and its closure leaves an information vacuum for these organizations.

New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say.

Flaw in Cisco IOS XE exposes credentials in plain text.

An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.

Download eSentire's 10 questions to ask vendors about AI when choosing an MDR provider.

The country will require certain organizations to report ransomware payments and communications within 72 hours after they're made or face potential civil penalties.

The unpatched security vulnerabilities in Consilium Safety's CS5000 Fire Panel could create "serious safety issues" in environments where fire suppression and safety are paramount, according to a CISA advisory.

All KEV entries should include not only platform-specific relevance indicators and CVE origin details but also attack chain and attack path context, said the OX team.

Detailed in the roadmap are the preparation, baseline understanding, planning and execution, and monitoring and evaluation stages of the process, according to the PQCC.

With the U.S. facing increasing cyber threats from China, it is crucial that the CSRB be immediately reinstated by DHS and CISA, said the lawmakers in a letter to Department of Homeland Security Secretary Kristi Noem.