Security Bulletin

In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers.

In late 2024, ransomware groups showed heightened interest in sectors rich with sensitive data.

In our recent Cisco AI Readiness Index, we found that only 13% of organizations consider themselves ready to capture AI’s potential, even though urgency is high. Companies are investing, but close to half of respondents say the gains aren’t meeting...

Nearly 400,000 internet-exposed devices were susceptible to attacks involving the abuse of the 15 most exploited security flaws in 2023, almost half of which were Fortinet FortiOS appliances.

Increasing cybersecurity threats against the U.S. healthcare sector have prompted Senate Health, Education, Labor, and Pensions Committee members Bill Cassidy, R-La., John Cornyn, R-Texas, Maggie Hassan, D-N.H., and Mark Warner, D-Va., to introduce...

After infiltrating The Real World through the exploitation of a platform vulnerability, attackers proceeded to post pro-feminist and LGBTQ+ emojis, remove attachments, and issue provisional bans for users of the platform, which was previously called...

Threat actors who compromised Bojangles' corporate network between February and March were able to exfiltrate "certain files" containing names and other personal details, according to Bojangles.

International Game Technology, a London-based multinational gambling and lottery company with more than 11,000 employees around the world, had some of its internal IT systems and apps disrupted following a cyberattack on Nov. 17.

Five critical steps to transition from outdated, static methodologies to cutting-edge autonomous pentests.

After unsuccessfully exploiting the targeted organization's Wi-Fi credentials obtained via password spraying attacks due to multi-factor authentication, APT28 resorted to breaching other entities in close proximity before discovering a device within...

TAG-110 leveraged vulnerable internet-exposed web apps and phishing emails to facilitate the delivery of the HATVIBE app loader that triggers that data exfiltrating CHERRYSPY backdoor.

Deployment of credential and cryptocurrency stealing malware has been conducted by Sapphire Sleet not only through the impersonation of venture capitalists luring targets to join an online meeting about a supposed investment but also via fraudulent...