Security Bulletin

Whether you're facing growing data demands and increased cyber threats, or simply looking to future-proof your business, it's time to consider the long-term benefits of transitioning to a cloud-first infrastructure.

After inputting valid employee emails to infiltrate Starlink's admin panel hosted on a subarucs.com subdomain, threat actors could perform password resets, omit client-side overlay, and evade two-factor authentication to access the panel's features...

Threat actors could also leverage all of the vulnerabilities to enable cellphone location tracking and connection detail exfiltration that could be used for more targeted intrusions, a study from University of Florida and North Carolina State...

Exposed by the database were customers' full names, birthdates, ages, genders, marital status, account IDs, occupations, phone numbers, physical addresses, premium amounts and annuities, and policy types, as well as employees' names, email addresses...

Such an RCE flaw, which was given a critical severity designation by Snyk, impacts the Llama Stack component, particularly in the implementation of the reference Python Inference API, which automates Python object deserialization through the risky...

Such data compromise may have been achieved through an intrusion against a third-party supplier, which did not have any access to billing or financial details, according to TalkTalk Head of External Communications Liz Holloway, who did not name the...

Attackers who infiltrated Change Healthcare using unsecured account credentials were not only able to exfiltrate individuals' names, birthdates, home and email addresses, Social Security numbers, and other government IDs but also their health...

Amateur threat actors have been targeted by the attacker using the "@shinyenigma" and "milleniumrat" aliases with the altered XWorm RAT builder, which not only exfiltrates data via Telegram bot tokens and API calls but also enables registry...

Such an incident — which comes within six months of separate crypto heists against fellow Singaporean cryptocurrency platforms BingX and Penpie — showcased levels of sophistication that could have only been conducted by North Korean threat actors...

After leveraging a vulnerability and the privilege escalation tools PsExec and JuicyPotato to gain SYSTEM access on targeted devices, Andariel stealthily established a low-privilege local user before altering the Security Account Manager registry to...

After infiltrating ESXi instances by leveraging known vulnerabilities or stolen admin credentials, ransomware gangs proceed to utilize the built-in SSH service to facilitate lateral movement and ransomware delivery without being detected, according...

Threat actors who send out phishing messages have long ago learned that zero-width characters and unrendered HTML entities can be quite useful to them. Inserting a zero-width character into a hyperlink can be used to bypass some URL security checks...