Security Bulletin

Organizations must recognize that all nations are vulnerable to attacks on critical infrastructure.

Infostealers are everywhere for a while now. If this kind of malware is not aggressive, their impact can be much more impacting to the victim. Attackers need always more and more data to be sold or reused in deeper scenarios. A lot of infostealers...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Malware harvests user credentials and account details from infected systems.

We fundamentally misunderstand what AI is, what it can do, and how it should be regulated, two researchers said at the BSides SF and RSAC information-security conferences last week.

Documented in a series of social media posts, cybersecurity experts shared with Dark Reading their insights on RSAC 2025 throughout the week.

Researchers from Arctic Wolf Labs detailed a new spear-phishing campaign that targets hiring managers and recruiters by posing as a job seeker.

Last August, Samsung patched an arbitrary file upload vulnerability that could lead to remote code execution [1]. The announcement was very sparse and did not even include affected systems:

This segment spotlights the CyberSG Talent, Innovation and Growth (TIG) Collaboration Centre, a joint initiative by NUS and CSA that is driving the development of talent pipelines, breakthrough technologies, and scalable startups.

While passkeys offer enhanced security against phishing and credential theft, implementation hurdles, cross-platform inconsistencies, and user experience challenges pose significant barriers to widespread adoption.

AI offers powerful defensive capabilities, such as anomaly detection and automated threat response, while developing quantum-resistant technologies is crucial for future-proofing our digital infrastructure.