Security Bulletin

CyberRisk TV speaks with Menlo Security's Andrew Harding at the Black Hat 2024 conference in Las Vegas on how threat actors have moved towards exploiting browsers as other services become more secure.

Over-reliance on code-writing generative AI tools will increase the rate of software errors and vulnerabilities, said Veracode CTO and co-founder Chris Wysopal at the Black Hat security conference.

CyberRisk TV speaks with ThreatLocker's Danny Jenkins at the Black Hat 2024 conference in Las Vegas on their approach to protection rather than detection.

Following the July 19 outages caused by a bad update, the cybersecurity firm faces shareholder lawsuits and pressure to pay damages for at least one major customer, Delta Airlines. Will software liability follow?

The bug affects all major browsers and enables RCE attacks on macOS and Linux devices.

Signal creator Moxie Marlinspike says that the security community should look to restore the sense of “magic” in product development.

At Black Hat USA, security researcher Michael Bargury released a "LOLCopilot" ethical hacking module to demonstrate how attackers can exploit Microsoft Copilot — and offered advice for defensive tooling.

Security pros speculate that Progress Software complied with the SEC’s reporting guidelines and was the victim of a zero-day, not misconduct.

Microsoft execs detailed the company's reaction to the CrowdStrike incident and emphasized the value of a collective identity.

Attackers can use a seemingly innocuous IP address to exploit localhost APIs to conduct a range of malicious activity, including unauthorized access to user data and the delivery of malware.

As AI technologies continue to advance at a rapid pace, privacy, security and governance teams can't expect to achieve strong AI governance while working in isolation.

Black Hat presentation reveals adversaries don't need to complete all seven stages of a traditional kill chain to achieve their objectives.