Security Bulletin

Six percent of organizations around the world were compromised with the FakeUpdates malware, also known as SocGholish, making it the most prevalent malicious payload in April, Hackread reports.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Series Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: ABB Equipment: Automation Builder Vulnerabilities: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MACH GWS products Vulnerabilities: Improper Neutralization of Special Elements in Data Query Logic, Improper Limitation...

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30400 Microsoft Windows DWM Core Library Use-After-Free Vulnerability CVE-2025-32701 Microsoft Windows Common...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Service Suite Vulnerabilities: Use of Less Trusted Source, Inconsistent Interpretation of HTTP Requests ('HTTP Request...

The threat group's goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The “AI videos” generated from these sites are actually malicious executables that set off the attack chain.

Settlement is the largest individual penalty to date against Google in the state of Texas.

Fortra strengthens its endpoint-to-cloud security platform with the acquisition of Lookout's cloud application security broker, zero-trust network access, and secure Web gateway technologies.