Security Bulletin

The US Federal Energy Regulatory Commission spells out what electric utilities should do to protect their software supply chains, as well as their network "trust zones."

For development teams awash in vulnerability reports, reachability analysis can help tame the chaos and offer another path to prioritize exploitable issues.

Midsize accounting firm takes nearly a year to notify customers of a breach.

One of the problems I've had since I originally wrote mac-robber.py [ 1][ 2][ 3] seven years ago is that because of the underlying os.stat python library we couldn't get file creation times (B-times). Since the release of GNU...

Microsoft warns that ransomware group Storm-0501 has shifted from buying initial access to leveraging weak credentials to gain on-premises access before moving laterally to the cloud.

On the first night of BlackHat USA, I made conversation with a few friendly penetration testers who were perplexed when I told them I was a developer. Why would I be at a cybersecurity conference? …What was I hoping to get out of it? My general (and...

The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed.

By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure.

While the legislation has been opposed by Google and OpenAI due to additional burdens, such disapproval from Newsom has been regarded by bill sponsor Sen. Scott Wiener to be a step back in AI regulations.

Check Point Research researchers discovered that installation of the fake WalletConnect app triggers a wallet connection request and the stealthy activation of the MS Drainer toolkit, which then conducts token and NFT scanning and exfiltration...

Passwords should never be kept in plaintext due to potential exploitation, according to Irish DPC Deputy Commissioner Graham Doyle. Meanwhile, Meta noted the prompt remediation of the security issue.

All NVIDIA Container Toolkit versions up to 1.16.1 and GPU Operator instances up to version 24.6.1 are impacted by the flaw, which stems from the absence of secure containerized GPU isolation from the host that exposes sensitive host file system and...