Security Bulletin

Experts discuss the critical importance of proactive mainframe security, emphasizing education, regular assessments, and comprehensive vulnerability management to protect mission-critical systems that power global financial transactions.

Datadog reported $761.6 million in revenue for Q1 2025, a 25% year-over-year increase that beat analyst projections of $741.5 million.

Cybersecurity firm Guardz reported that between March 18 and April 7, 2025, attackers used the outdated BAV2ROPC protocol, which bypasses MFA and modern protections by enabling non-interactive logins through basic credentials.

Travis Howerton, former federal CTO and CEO of Redscale, explained that the update shifts more responsibility to cloud service providers by automating evidence sharing and control reporting, reducing manual oversight and paperwork.

The 2025 Global Threat Landscape Report shows cloud breaches now commonly begin with over-permissioned accounts, credential leaks in public code repositories, and unauthorized logins from unfamiliar geographies.

What was once a manageable trade-off for agility and innovation, such as vendor lock-in or outages, is now overshadowed by broader concerns, including data seizure and unpredictable pricing.

More than 40 security flaws have been patched by Apple as part of the macOS Sequoia 15.5 update, many of which could be exploited to obtain sensitive data access, GBHackers News reports.

Patches have been released by ASUS for a pair of security bugs impacting its DriverHub tool, which could be exploited to facilitate remote code execution, reports The Hacker News.

The Register reports that Microsoft has committed to remediating security issues impacting Microsoft 365 apps on Windows 10 until Oct. 10, 2028, or a little over three years after it ends Windows 10 support.

Six percent of organizations around the world were compromised with the FakeUpdates malware, also known as SocGholish, making it the most prevalent malicious payload in April, Hackread reports.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Series Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION...