Security Bulletin

Employing tactics such as living-off-the-land techniques and targeting both Linux and Windows systems, the group is suspected to include former affiliates of LockBit and BlackCat.

Adam Meyers, senior vice president of counter-adversary operations at CrowdStrike says manual attacks, which involve direct interaction with compromised systems rather than relying on malware or automated tools, are gaining traction among...

The vulnerability, tracked as CVE-2024-44131, was discovered in the FileProvider component and has been fixed in iOS 18, iPadOS 18, and macOS Sequoia 15 through improved validation of symbolic links.

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.

Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability.

Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.

Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites.

The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.

A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk.

At Cisco, we are steadfast in our goals to both reduce environmental impact and foster resilience—ensuring that communities, ecosystems, and industries can adapt, thrive, and sustain themselves in the face of uncertainty. Learn about six...

Existing tools bury analysts in data – we need a proactive approach focused on prevention, not just detection.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this...