Security Bulletin

Organizations affected by the breach have been urged by security researcher and former Microsoft employee Kevin Beaumont to be vigilant of the emails, which were not sent in adherence to the Microsoft 365 breach process.

Attackers could exploit the flaw, which stemmed from inadequate CSRF protections primarily in SkillTree endpoints for state-changing operations, to spread misinformation and prompt training disruptions.

GitLab has issued a fix for the critical flaw in GitLab Community Edition and Enterprise Edition software, tracked as CVE-2024-6385, which could be leveraged for arbitrary pipeline job execution.

Further investigation of the leaked 38 TB dataset revealed links to another storage repository with 89,475 records belonging to backend technology provider Legal Connect, which shares the same parent firm as Rapid Legal.

Fraudulent JPG files have also been leveraged by ViperSoftX to deploy AutoIT scripts and the AutoIT executable, along with PowerShell scripts.

Data from 2,047 Microsoft employees has been exposed, including full names, job titles, direct and corporate phone numbers, email addresses, LinkedIn profile links, city, state, and country addresses, and company phone numbers.

Attacks by Kimsuky commenced with the distribution of Japanese security and diplomatic organization-spoofing phishing emails with a malicious ZIP file.

Newly emergent EstateRansomware ransomware group has deployed intrusions leveraging the already addressed high-severity Veeam Backup & Replication software flaw, tracked as CVE-2023-27532.

While no federal data privacy law is in sight, many more states are passing formal privacy laws, so momentum for digital rights has been growing.

At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common...

The US government worries that Group 42 Holdings, an AI firm based in the United Arab Emirates, could become a backdoor for technology leaks to China.

The CE giant released its investigative findings regarding a March cyberattack that resulted in data exfiltration affecting its Japanese operations.