Security Bulletin

Attacks leveraging the Microsoft Entra ID cross-tenant vulnerability nOAuth were discovered by Semperis to potentially compromise 9% of Entra ID software-as-a-service applications two years after the initial disclosure of the security issue, The...

House Select Committee on China Chair Rep. John Moolenaar, R-Mich., and committee ranking member Rep. Raja Krishnamoorthi, D-Ill., have introduced the new No Adversarial AI Act that would prohibit federal agencies from using the DeepSeek large...

Increasingly advanced cyberattacks were noted by federal judge Michael Scudder, who leads the federal court national policymaking body's Committee on Information Technology, to have continuously bombarded the U.S. court system, reports The Record, a...

Cybernews reports that New York-based Columbia University has launched an investigation into a potential cyberattack following "widespread system outages" on Tuesday.

More than 200,000 individuals were confirmed to have had their data compromised following separate cyberattacks against Arkansas-based healthcare provider Mainline Health Systems and Pennsylvania-based critical illness recovery and rehabilitation...

Organizations in the retail sector experienced 40% more ransomware attacks in May than in April, amid a 6% decrease in global ransomware prevalence last month, marking the third straight month of decline, SecurityBrief Asia reports.

Hackread reports that WordPress sites have been targeted with a WordPress Core plugin-spoofing malware operation that has been exfiltrating user credentials and credit card details since September 2023.

Malicious actors have been creating signed remote access through ConnectWise ScreenConnect installer abuse as part of an Authenticode stuffing attack, reports BleepingComputer.

In today's cyber battlefield, resilience starts with readiness, and the cost of falling short increases by the day.

Intrusions involving open-source tools have been launched by the CL-CRI-1014 threat operation to infiltrate financial organizations across Africa over the past two years, Infosecurity Magazine reports.

Israel's cyber pros are having to put theory into practice, as a notorious nation-state APT sponsored by Iran targets them with spear-phishing attacks.

Flaws in Identity Services Engine (ISE) platform could allows remote code execution.