Security Bulletin

Incident raises fears that U.S. adversaries could steal sensitive source code.

To properly and safely use artificial intelligence, robust identity and access management solutions must be implemented, say more than a hundred CISOs and CTOs in a recent survey.

Experts will explore the oft-neglected necessity of AI safety and its integration with security practices at next month's Black Hat USA in Las Vegas.

As automation spreads and relieves security pros of time-consuming management tasks, their ability to articulate complex cybersecurity risks with the C-suite is increasingly valuable.

SOC 2 reports are a valuable tool for evaluating vendor security, but they shouldn't be the only piece of the puzzle.

Cybercriminals are selling credentials linked to the tournament on underground markets, with some geopolitics playing out in denial-of-service attacks.

Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?

Such a ruling reversal could prompt even more court challenges against Biden-era cybersecurity rules, which have been primarily dependent on reinterpretations of existing regulations, according to Center for Cybersecurity Policy and Law counsel...

More severe of the bugs is a critical remote code execution flaw, tracked as CVE-2023-2071, which could be exploited to enable malicious DLL injections.

In screenshots from LockBit's data leak site shared by cyber threat monitoring firm HackManac, Florida's health department has been warned to pay the demanded ransom by July 5 in exchange for the non-exposure of 100 GB of data allegedly stolen from...

Despite the theft of data from the partner's systems, operations at HealthEquity have continued as there has been no evidence suggesting additional systems compromise.

Aside from alerting users regarding the phishing scheme, Ethereum also disclosed performing selective email service migration and other measures to curb similar attacks in the future.