Security Bulletin

Today, CISA—in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Partners...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ruijie Equipment: Reyee OS Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Exposure of Private Personal Information to...

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability CVE-2024...

I found a sample that is a Word document with an embedded executable. I'll explain how to extract the embedded executable with my tools.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The corrupted files evade security systems but are easily recovered to deliver phishing links.

To move beyond the challenges of "Shadow AI," organizations are looking to AI-powered productivity tools and solutions.

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

Insurance companies often want basic requirements met before they'll give you cybersecurity coverage. Here’s what you'll need to qualify.

Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.