Security Bulletin

A 7-month-old bug in an OSS CI/CD server is still being actively exploited, thanks to spotty patching, CISA warns.

While Microsoft has patched the issue, security pros warn that teams need to audit their AKS clusters.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

By moving beyond guidelines and enforcing accountability, encouraging innovation, and prioritizing the safety and well-being of our communities in the digital age, we can build a more secure software future.

Individuals' names, birthdates, Social Security numbers, addresses, and health insurance details, as well as medical and diagnosis data, have been compromised by threat actors who infiltrated Carespring's network between Oct. 12 and Oct. 30, said...

Threat actors were able to secure payment card details, including individuals' names, payment card numbers, CVVs, and expiration dates, between Dec. 20, 2023 and Jun. 26, 2024, after redirecting online ticket transactions from a third-party vendor...

Information compromised due to the misconfiguration included individuals' names, birth years, shipping addresses, billing addresses, IP addresses, social media accounts, and phone numbers, as well as their credit cards' last four digits, aircraft and...

Infiltration of the Toyota branch has enabled the exfiltration not only of data from customers and employees but also financial information, contracts, emails, and network infrastructure details, which have been obtained through the ADRecon tool...

Integrated within UULoader was an archive file with two main executables that did not have their file headers, with the first being a binary enabling DLL file side-loading of the final-stage payloads.

Typosquatted domains mimicking legitimate sites have been leveraged to host the MSIX installers, which not only spoof Zoom, KeePass, Steam, and other popular software but also facilitate script execution prior to app deployment.

Attacks exploiting a Windows Ancillary Function Driver for WinSock zero-day vulnerability, tracked as CVE-2024-38193, have been deployed by North Korean hacking collective Lazarus Group to facilitate stealthy systems compromise with the FUDModule...