Security Bulletin

GenAI’s role in phishing and scams continues to raise concerns as overall spam volume rises.

By injecting malicious bytecode into interpreters for VBScript, Python, and Lua, researchers found they can circumvent malicious code detection.

Law firms make the perfect target for extortion, so it's no wonder that ransomware attackers target them and demand multimillion dollar ransoms.

Researchers say the attacks are easy to perform, difficult to contact, nearly unrecognizable, and "entirely preventable."

The prolific ransomware group has shifted away from phishing as the method of entry into corporate networks, and is now using initial access brokers as well as its own tools to optimize its most recent attacks.

A malvertising campaign uses phishing to steal legitimate account pages, with the endgame of delivering the Lumma stealer.

Security pros caution users to download apps only from official app stores and websites.

Aside from new group optimization functionality that eases the removal of unneeded users and resources, Opal's platform has also been improved with more comprehensive irregular access screening that uses machine learning to better identify suspicious...

Applications seeking cookie permissions will have their identities verified by App-Bound Encryption through a privileged service and would fail if similar data encoded into the encrypted data is decrypted by another app.

While all of the identified apps shared exact locations for their "filters" functionality, such an issue has already been addressed by the apps through the rounding up the exact coordinates that rendered oracle trilateration techniques ineffective.

Major U.S. pharmaceutical firm Cencora has disclosed that more personal and protected health information had been stolen than initially reported during a February cyberattack against a patient support services subsidiary.

Attacks by Cuckoo Spear may have involved the utilization of LODEINFO, which allows file theft, arbitrary shellcode execution, keystroke logging, process termination, and screenshot capturing, as an initial payload.