Security Bulletin

More details regarding state and local governments' vulnerability assessment measures have been sought by Deputy National Security Advisor for Cyber and Emerging Technologies.

More details regarding the reported breach of the Department of Health and Human Services' Health Resources and Services Administration grant payments platform from March to November 2023 have been demanded.

Such impacted systems contained certain CWU member information but further investigation into a possible data breach is still needed.

The City of St. Cloud in Florida have confirmed that the city's services have been disrupted by a ransomware attack.

Malicious websites redirecting to fraudulent giveaways, tech support scams, and spam subscriptions were discovered by search engine optimization expert Lily Ray and pushed by Google's newly launched artificial intelligence-based Search Generative...

Stealthier attacks have been facilitated by threat actors through the utilization of several strategically positioned internet-connected GEOBOX devices.

Microsoft 365 and Gmail accounts have been increasingly targeted with attacks leveraging the new Tycoon 2FA phishing-as-a-service kit.

Top.gg GitHub organization, which is commonly leveraged for Discord servers, and other GitHub developers have been compromised in a new software supply chain attack campaign that involved browser cookie exfiltration and malicious PyPi package...

Attacks commenced with the delivery of malicious emails with PDF attachments linking to file-sharing site-hosted documents, which when opened fetches an MSI installer-containing ZIP archive that prompts Atera Agent installation.

Data memory-dependent prefetching can enable side-channel extraction of cryptographic secrets.

The Red Report shows the growing sophistication of threat actors to disable a target’s defenses.

Security pros say StrelaStealer uses control flow obfuscation — a technique that lets the threat actor better evade detection and reverse engineering.