Security Bulletin

Attacks exploiting the authentication weakness within the 'lighthttpd' server, tracked as CVE-2024-8957, and the insufficient input sanitization bug, tracked as CVE-2024-8957, could enable camera hijacking and bot compromise, as well as further...

Such an intrusion has prompted automated delivery of the malicious lottie-player NPM package versions among users who obtained the library through third-party content delivery networks.

Iranian cyber operation Emennet Pasargad was noted by the FBI, Department of Treasury, and the Israel National Cyber Directorate to have leveraged updated tradecraft, such as IP camera breaches and generative artificial intelligence, in recent...

Attacks involved the use of Rich Communication Services messages indicating false payments that included links redirecting to websites spoofing government agencies, postal services, and banking entities, including the U.S. Postal Service, Linkt, and...

After Quad7's successful exfiltration of targeted systems' passwords through a limited number of sign-in attempts meant to evade detection, Storm-0940 immediately utilized the stolen credentials to breach networks, conduct credential dumping, and...

"See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.

Here's how managed security services, including MDRs and MSSPs, provide proactive protection such as vulnerability management and attack surface management.

The threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.

The 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber-threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders' favor?

Following Cybersecurity Awareness Month aims, we want to share information about open-source projects that can help enhance the security of your apps and organization and improve LLM security. Nuclei… Read more on Cisco Blogs

In a twist, more than 1 terabyte of data was stored in the S3 bucket of a previous victim.