Security Bulletin

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures.

Researchers built an inexpensive device that circumvents chipmakers' confidential computing protections and reveals weaknesses in scalable memory encryption.

The actor behind the "Contagious Interview" campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users.

State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.

Despite possibly supplanting some young analysts, one Gen Z cybersecurity specialist sees AI helping teach those willing to learn and removing drudge work.

A new ClickFix variant ratchets up the psychological pressure to 100 and addresses some technical mitigations to classic ClickFix attacks.

For the first time ever, the National Football League (NFL) played on Spanish soil – and Cisco played a key role in bringing one of the world’s most famous sports to one of sports’ most famed venues.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A threat actor is leveraging a flaw in the Ray framework to hijack AI infrastructure worldwide and distribute a self-propagating cryptomining and data theft botnet.

The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year as well as a recent extortion campaign targeting Oracle E-Business Suite customers.

This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said.

Advancements in vision language models expanded models reasoning capabilities to help protect employee safety.