Security Bulletin

Yoran died suddenly Jan. 3 after leave of absence for cancer treatment.

A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.

The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities.

New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation.

Zero Trust World 2025 will highlight the importance of “default-deny” strategies, practical cybersecurity applications, and fostering a collaborative IT security community through hands-on labs, case studies, and expert insights.

In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities.

The compromise commences with the delivery of a CLDAP referral response packet to disrupt the Local Security Authority Subsystem Service before the subsequent sending of a DCE/RPC request to the targeted machine and the eventual designation of the...

Wallet drainer attack activity was particularly elevated during the first three months of 2024, with the loss of $55.4 million worth of cryptocurrency in the year's biggest heist bringing stolen proceeds to $187 million, according to a study from...

Such a flaw stems from Nuclei's template signature verification process, with the simultaneous usage of regular expressions, or regex, and YAML parser potentially resulting in the introduction of a "\r" character read as a line break and leading to...

Misconfigurations in MyGiftCardSupply's Microsoft Azure Cloud instance leaked nearly 200,000 customers' selfie pictures and more than 600,000 identity document images, the most recent of which was from New Year's Eve, according to security researcher...

Infiltration of the hospital's network earlier that month resulted in the compromise of files, one of which had individuals' names, birthdates, Social Security numbers, state ID or driver's license numbers, biometric details, financial account data...

"Atos understands that external third-party infrastructure, unconnected to Atos, has been compromised by the group Space Bears. This infrastructure contained data mentioning the Atos company name, but is not managed nor secured by Atos," said the...