Security Bulletin

Novel Chinese hacking operation Unfading Sea Haze has compromised at least eight government and military organizations across the South China Sea — where China has territorial claims against Indonesia, Malaysia, Taiwan, Vietnam, and the Philippines —...

More than 200,000 Atlassian Confluence Data Center and Confluence Server instances could be compromised in intrusions targeting the high-severity remote code execution vulnerability, tracked as CVE-2024-21683, reports Cybernews.

BleepingComputer reports that more Chinese state-sponsored threat actors have been using massive operational relay box networks, or proxy networks of botnets, to facilitate cyberespionage efforts.

TechCrunch reports that at least three U.S.-based Wyndham hotels were discovered by security researcher Eric Daigle to have had their check-in systems compromised with the consumer-grade spyware app pcTattletale, which is impacted by a vulnerability...

Attacks leveraging Microsoft Exchange Server vulnerabilities to facilitate keylogger malware deployment have been launched against more than 30 government, financial, education, and IT organizations in Africa and the Middle East since 2021, reports...

National Cyber Director Harry Coker noted that the U.S. has intensified defending its critical infrastructure amid mounting cyber threats posed by Chinese state-sponsored threat operations, including Volt Typhoon, CyberScoop reports.

Burnout has been an oft-reported problem among security professionals for years. Are there any new ideas for supporting mental health in the industry?

Most everyone uses email and critical infrastructure sectors are high-profit industries that deploy legacy technology easy to exploit, so attackers take advantage of the easy access via email to make hefty profits.

One of China's biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware.

A CISO job description is a moving target in 2024 as these security leaders face new twists on employment challenges, a 'hostile' regulatory climate and a bevy of new internal and external digital threats.

For incident responders, a variety of techniques for information retrieval from locked-up VMs.