Security Bulletin

As a Cisco partner, you're committed to staying ahead in a rapidly evolving technology landscape. Our Cisco Black Belt Academy is designed to support your professional growth, and understanding the backend process of your certification journey can...

I recorded a quick live stream with a quick update on CVE-2024-38063. The video focuses on determining the exploitability, particularly whether your systems are reachable by IPv6.

By moving beyond guidelines and enforcing accountability, encouraging innovation, and prioritizing the safety and well-being of our communities in the digital age, we can build a more secure software future.

New security standards conformance for Catalyst Center highlights our team’s dedication to protecting your network and your data.

Individuals' names, birthdates, Social Security numbers, addresses, and health insurance details, as well as medical and diagnosis data, have been compromised by threat actors who infiltrated Carespring's network between Oct. 12 and Oct. 30, said...

Threat actors were able to secure payment card details, including individuals' names, payment card numbers, CVVs, and expiration dates, between Dec. 20, 2023 and Jun. 26, 2024, after redirecting online ticket transactions from a third-party vendor...

Information compromised due to the misconfiguration included individuals' names, birth years, shipping addresses, billing addresses, IP addresses, social media accounts, and phone numbers, as well as their credit cards' last four digits, aircraft and...

Infiltration of the Toyota branch has enabled the exfiltration not only of data from customers and employees but also financial information, contracts, emails, and network infrastructure details, which have been obtained through the ADRecon tool...

Integrated within UULoader was an archive file with two main executables that did not have their file headers, with the first being a binary enabling DLL file side-loading of the final-stage payloads.

Typosquatted domains mimicking legitimate sites have been leveraged to host the MSIX installers, which not only spoof Zoom, KeePass, Steam, and other popular software but also facilitate script execution prior to app deployment.

Attacks exploiting a Windows Ancillary Function Driver for WinSock zero-day vulnerability, tracked as CVE-2024-38193, have been deployed by North Korean hacking collective Lazarus Group to facilitate stealthy systems compromise with the FUDModule...