Security Bulletin

It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited.

Two vulnerabilities are critical, and three others are determined to be of high, medium, and low severity.

Once an attacker with ransomware on their mind gains control of a networked endpoint, they will use that compromised endpoint as a means to encrypt data on other devices on the same network.

Attackers hit more X accounts to promote Overworld Bitcoin registration.

Malicious insider threats are increasingly becoming a cause for concern among businesses in the United Arab Emirates.

While a concern, security pros say by enabling multi-factor authentication and focusing on core cloud security best practices, teams can handle the challenge FBot presents.

It’s more challenging for organizations to get cybersecurity insurance, and when they do manage to get insured the premiums are steep. It also turns out that not all policies cover ransomware, the leading cause of cyber insurance claims.

Several updates have been introduced to the Atomic Stealer macOS information-stealing malware, also known as AMOS, including the integration of payload encryption to better evade security software detection, The Hacker News reports.

BleepingComputer reports that more than 6,700 WordPress sites leveraging Popup Builder plugin vulnerable to the cross-site scripting bug, tracked as CVE-2023-6000, have been compromised in a new Balada Injector campaign that commenced last month.

The U.S., Australia, India, and the UK are having their government institutions subjected to new attacks by Chinese advanced persistent threat operation Volt Typhoon leveraging a pair of critical vulnerabilities in end-of-life Cisco small business...

Efforts to remove the four-year degree requirement for certain federal cybersecurity contracting positions are being advanced by National Cyber Director Harry Coker and the Office of Management and Budget in a bid to strengthen the cybersecurity...

Ongoing intrusions leveraging an already patched critical privilege escalation flaw impacting Microsoft SharePoint, tracked as CVE-2023-29357, have been flagged by the Cybersecurity and Infrastructure Security Agency, which has added the issue to its...