Security Bulletin

Even more alarming: the EPA does not have a notification system for cybersecurity incidents.

Bresman talks with SC Media about the role of artificial intelligence in identity and access management and also touches on the challenges of protecting data in hybrid environments.

CyberScoop reports that the incoming Trump administration has been urged by Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger to establish a framework for minimum cyber regulations for critical infrastructure...

BitDefender has issued a free decryption tool for the novel ShrinkLocker ransomware strain that emerged in May, according to The Record, a news site by cybersecurity firm Recorded Future.

Global B2B data aggregation firm DemandScience, formerly known as Pure Incubation, was confirmed by cybersecurity researcher Troy Hunt to have owned the 122 million business contact details stolen and exposed by threat actor KryptonZambie in February...

Speaking to SC Media at the Hybrid Identity Protection Conference, Inglis outlined how intentional choices can either fortify or undermine an organization’s defenses.

The Embargo ransomware group has claimed targeting U.S. independent pharmacy cooperative American Associated Pharmacies in an attack, which purportedly resulted in the theft of 1.469 TB of data, reports The Register.

Chinese malware attack hits Tibetan websites Tibetan organizations Tibet Post and Gyudmed Tantric University had their websites breached by suspected Chinese state-backed threat operation TAG-112 in late May to spread the Cobalt Strike beacon and...

Mounting tensions in the Middle East have been exploited by Hamas-affiliated threat operation WIRTE which had been linked to the Gaza Cyber Gang, also known as TA402 and Molerats as it sought to broaden intrusions against organizations across Israel...

BleepingComputer reports that Ukrainian organizations have been subjected to suspected Russian cyberattacks involving the newly fixed Windows NTLM Hash Disclosure spoofing flaw, tracked as CVE-2024-43451, since June.

In the future, the cybersecurity landscape likely will depend not only on the ability of federal workforces to protect their agencies but also on their capacity to continuously develop and sharpen those skills.

A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production.