Security Bulletin

After unsuccessfully exploiting the targeted organization's Wi-Fi credentials obtained via password spraying attacks due to multi-factor authentication, APT28 resorted to breaching other entities in close proximity before discovering a device within...

TAG-110 leveraged vulnerable internet-exposed web apps and phishing emails to facilitate the delivery of the HATVIBE app loader that triggers that data exfiltrating CHERRYSPY backdoor.

Deployment of credential and cryptocurrency stealing malware has been conducted by Sapphire Sleet not only through the impersonation of venture capitalists luring targets to join an online meeting about a supposed investment but also via fraudulent...

Such an intrusion, which was noted to have involved attackers being deeply ingrained into certain telco networks, was regarded by Senate Intelligence Committee Chair Mark Warner, D-Va., to be the "worst telecom hack" in the U.S.

Learn how financial institutions can address ransomware and software and patch requirements to address public vulnerabilities.

Diversity isn't just an issue of fairness — it's about operational excellence and ensuring we have the best possible teams defending our national security.

Few months ago, I noticed that something strange was happening with the number of servers seen by Shodan in Russia...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28461 Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability These types of vulnerabilities are...

As mentioned in diary entry " Increase In Phishing SVG Attachments", I have a phishing SVG sample with heavily obfuscated JavaScript.

In diary entry " Analyzing an Encrypted Phishing PDF", I decrypted a phishing PDF document. Because the PDF was encrypted for DRM (owner password), I didn't have to provide a password.

Wireshark release 4.4.2 fixes 2 vulnerabilities and 33 bugs.

The US Federal Communications Commission (FCC) proposed a $734,872 penalty against a smart doorbell manufacturer that was anything but