Security Bulletin

The attackers are taking an indirect approach to targeting SEO professionals and their Google credentials, using a fake digital marketing website.

Law enforcement entities in democratic states have been deploying top-of-the-line messaging app spyware against journalists and aid workers.

Cato Networks researchers create jailbreak method where hacking is normal in an alternate reality.

Most severe of the newly added flaws is the Edimax IC-7100 IP camera OS command injection vulnerability, tracked as CVE-2025-1316.

All of the information posted by the daughter of Baidu Vice President Xie Guangjun has been procured from foreign platforms' "doxing databases," said Baidu.

Most of the exposed secrets were GitHub install action tokens but their 24-hour expiration has restricted exploitation opportunities.

After achieving initial access by targeting vulnerable internet-exposed web and application servers, UAT-5918 utilized tools previously associated with Volt Typhoon and Flax Typhoon to facilitate lateral movement, credential and data theft, and...

Attackers, tracked under the UAC-0200 threat cluster, leveraged the Signal messaging app to deliver messages purportedly containing minutes of the meeting reports as archive files.

Threat actors have leveraged fake mailing-related apps to facilitate the distribution of Betruger, which has been integrated with network scanning, keylogging, privilege escalation, credential dumping, and other capabilities prevalent in tools often...

Exploitation of the the static credential flaw through the use of simple fixed passwords could facilitate the compromise of a log file exposed by the information disclosure bug.

Cisco is transforming its business model to focus on subscription-based revenue, aligning partner programs with this evolution. Enhanced incentives will reward partners for driving customer outcomes, ensuring growth and profitability.

The time to secure foundations, empower teams, and make cyber resilience the standard is now — because the cost of waiting is far greater than the investment in proactive security.