Security Bulletin

The 2025 Global Threat Landscape Report shows cloud breaches now commonly begin with over-permissioned accounts, credential leaks in public code repositories, and unauthorized logins from unfamiliar geographies.

What was once a manageable trade-off for agility and innovation, such as vendor lock-in or outages, is now overshadowed by broader concerns, including data seizure and unpredictable pricing.

More than 40 security flaws have been patched by Apple as part of the macOS Sequoia 15.5 update, many of which could be exploited to obtain sensitive data access, GBHackers News reports.

Patches have been released by ASUS for a pair of security bugs impacting its DriverHub tool, which could be exploited to facilitate remote code execution, reports The Hacker News.

The Register reports that Microsoft has committed to remediating security issues impacting Microsoft 365 apps on Windows 10 until Oct. 10, 2028, or a little over three years after it ends Windows 10 support.

Six percent of organizations around the world were compromised with the FakeUpdates malware, also known as SocGholish, making it the most prevalent malicious payload in April, Hackread reports.

The threat group's goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more.

The “AI videos” generated from these sites are actually malicious executables that set off the attack chain.

Settlement is the largest individual penalty to date against Google in the state of Texas.

Fortra strengthens its endpoint-to-cloud security platform with the acquisition of Lookout's cloud application security broker, zero-trust network access, and secure Web gateway technologies.

The $168 million judgment against NSO Group underscores how citizens put little store in the spyware industry's justifications for circumventing security — but will it matter?

Threat actors are scamming users by advertising legitimate-looking generative AI websites that, when visited, install credential-stealing malware onto the victim's computer.