Security Bulletin

The number of CISOs who report directly to the CEO is up sharply in recent years, but many still say it's not enough to secure adequate resources.

CISA warned that attackers are chaining a number of CVE-listed vulnerabilities into a single exploit script.

Nearly 1,000 imitation pages were discovered, targeting users looking for other software.

A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.

Small and midsize companies tend not to check for NAS updates, so customers advised to patch right away.

The MITRE framework's applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.

The bug has been given a 9.9 CVSS score, and could allow authenticated threat actors to escalate their privileges to admin-level if exploited.

Third-party API security requires a tailored approach for different scenarios. Learn how to adapt your security strategy to outbound data flows, inbound traffic, and SaaS-to-SaaS interconnections.

For the first time in a long while, the federal government and the software sector alike finally have the tools and resources needed to do security well — consistently and cost-effectively.

Such lagging vulnerability remediation for ProxyLogon significantly contrasts patching activities for a pair of Ivanti flaws also leveraged in Salt Typhoon attacks, tracked as CVE-2023-46805 and CVE-2024-21887, which have been addressed in over 92%...

Cl0p, Akira, and RansomHub were the next most active ransomware operations, according to a report from NCC Group.