Security Bulletin

Experts say leadership needed now more than ever, as Coker aims to strengthen public-private partnerships.

EMB3D, like ATT&CK and CWE, seeks to provide a common understanding of cyber-threats to embedded devices and of the security mechanisms for addressing them.

Microsoft researchers say threat actors abused OAuth to deploy VMs for cryptomining, establish persistence following BEC attacks, and launch spamming activity.

Metrics have a place when it comes to reporting on organizational security and risk management, but effectively communicating their relevance to the board in the context of the overall security story is more important than simply reporting on the raw...

After compromising Azure and Outlook user accounts, threat actors are creating malicious apps with high privileges to conduct cryptomining, phishing, and password spraying.

A visit to the "Island of Pearls" is part of ongoing regional efforts to enhance cooperation and exchange knowledge between universities in the cyber and technology sectors.

GPS locations of K-12 students and parent contact info could be pulled from the Parent Portal API.

The root cause may lie in set-top boxes run by a questionable service provider.

Getting more insight helps you to prioritize across all your systems, letting you drive more collaboration, real change, and real success for your teams.

Microsoft caps a busy year of bug patching with a light December release, addressing 33 new flaws.

Threat actors are fully embracing the spin machine: rebranding, speaking with the media, writing detailed FAQs, and more, all in an effort to make headlines.

Today’s columnist, Nadav Lev of YL Ventures, offers four ways developers and security teams can work together. (Stock Photo, Getty Images)