Security Bulletin

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Microsoft fixed 103 vulnerabilities in its October Patch Tuesday release, including fixes for two zero-days actively exploited.

Companies with customers in California need to prepare for a new process for demanding deletion of personal data.

A sophisticated APT known as "ToddyCat," sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail.

Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments.

Google has begun implementing passkeys by default after gradually rolling out the authentication approach to Chrome and Android and later to user accounts and Google Workspace during the past year, reports SiliconAngle.

TechCrunch reports that security orchestration, automation, and response platform developer Revelstoke is set to be purchased by cybersecurity firm Arctic Wolf in a bid to facilitate accelerated and more comprehensive cyberattack detection and...

Microsoft has announced plans to remove the VBScript programming language, which was initially bundled with Internet Explorer, in future Windows releases after three decades of usage, BleepingComputer reports. "VBScript is being deprecated.

New Magecart attacks involving the alteration of default 404 error pages to hide malicious code have been deployed against numerous Magento and WooCommerce sites, including those of food and retail industry entities, The Hacker News reports.

Spain's third-largest airline Air Europa had its customers' credit card information compromised following a cyberattack against its systems, according to BleepingComputer.

Global UK-based electronic connector manufacturer Volex had some of its IT systems and data around the world compromised following a cyberattack over the weekend, reports The Record, a news site by cybersecurity firm Recorded Future.

Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims.