Security Bulletin

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques...

CISA released two Industrial Control Systems (ICS) advisories on February 29, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-060-01 Delta Electronics CNCSoft-B...

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are exploiting...

Today, CISA and the following partners released joint Cybersecurity Advisory Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways: Federal Bureau of Investigation (FBI) Multi-State Information Sharing &...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Heap-based Buffer Overflow, Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29360 Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability These types of vulnerabilities are...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

Malware campaign selectively targets users in Mexico through geofencing in addition to using advanced obfuscation methods.

A newcomer in the ransomware scene, has allegedly attacked Epic Games.

GitHub is having difficulty stopping an ongoing attack impacting millions of code repositories.

A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.