Security Bulletin

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Low attack complexity Vendor: Advantech Equipment: ADAM-5550 Vulnerabilities: Weak Encoding for Password, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

SBOMs offer great insight into the software supply chain, but it takes strong controls to make the code secure. .

Researchers have uncovered one of the first examples of threat actors using artificial intelligence chatbots for malware creation, in a phishing attack spreading the open source remote access Trojan.

Who needs advanced malware when you can take advantage of a bunch of OSS tools and free cloud services to compromise your target?

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Thomas Spangler, an ISC intern as part of the SANS.edu BACS program]

The latest draft version of NIST's password guidelines simplifies password management best practices and eliminates those that did not promote stronger security.

Attackers can remotely add rogue admin accounts using the authentication bypass flaw.

The FBI, NSA and CNMF joined forces to warn the public of a looming threat posed by a massive botnet.

The company said the rogue update that caused disruptions on a global scale resulted from a "perfect storm" of issues.

There will be four major categories in the 2025 retread of the hacking competition, with prizes ranging for each challenge, from $20,000 to half a million.

The state-sponsored advanced persistent threat (APT) is going after high-value communications service provider networks in the US, potentially with a dual set of goals.