Security Bulletin

Attacks leveraging an already fixed critical Magento vulnerability, tracked as CVE-2024-20720, have been launched against e-commerce websites to facilitate the distribution of a Stripe payment skimmer for financial data exfiltration, according to The...

BleepingComputer reports that attacks leveraging a recently patched high-severity heap overflow vulnerability, tracked as CVE-2024-21894, could impact nearly 16,500 internet-exposed Ivanti Connect Secure and Poly Secure VPN gateways.

More than 92,000 outdated internet-exposed D-Link Network Attached Storage devices could be breached in attacks exploiting a newly discovered arbitrary command injection and hardcoded backdoor vulnerability, tracked as CVE-2024-3273, which could...

Here are four insights into how security pros can judge new AI products when vendors say they were “battle-tested in Ukraine.”

At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause of security...

The remote access trojan creates a second hidden desktop to control the victim’s browser.

New joint research by Wiz and AI-as-a-service provider Hugging Face find that a malicious pickle-serialized model could contain a remote execution payload.

The North American accommodation group is still investigating the impact of the Easter weekend disruptions.

Security practitioners share what they've learned in the push for better cloud security.

Artificial intelligence is believed by 63% of IT and security professionals to be beneficial to their organizations' security posture, ZDNET reports.

Threat actors could leverage the novel HTTP/2 Continuation Flood denial-of-service attack technique to facilitate DDoS attacks more severe than record-breaking intrusions enabled by the Rapid Reset approach last year, according to SecurityWeek.