Security Bulletin

Chinese APTs lurked in Canadian government networks for five years — and that's just one among a whole host of threats from Chinese bad actors.

The prominent state-sponsored advanced persistent threat (APT), aka Jumpy Pisces, appears to be moving away from its primary cyber-espionage motives and toward wreaking widespread disruption and damage.

President Joe Biden's approval of the Technology Modernization Fund three years ago was noted by Federal Chief Information Officer Clare Martorana to have significantly bolstered the U.S.'s cybersecurity posture.

Accelerating zero trust and bolstering operational visibility have been noted by interim Federal Chief Information Security Officer Mike Duffy to be among the U.S.'s leading cybersecurity policy priorities for the following year.

Malicious actors could have compromised the Opera browser's private APIs through a malicious extension on the Chrome Web Store exploiting a recently addressed vulnerability as part of the CrossBarking attack.

QNAP's patches for the SQLi issue come just days after it addressed another zero-day impacting its HBS 3 Hybrid Backup Sync disaster recovery and data backup solution, which was discovered and leveraged by the Viettel Cyber Security team to...

Major Peruvian financial services firm Interbank, formerly known as the International Bank of Peru, has disclosed having been impacted by a cyberattack that resulted in the compromise of certain clients' information after stolen data was exposed by...

Attacks by Chinese hackers have been targeted at Canada's critical infrastructure, with intrusions against U.S. critical infrastructure remaining a significant concern due to "cross-border interoperability and interdependence."

Application security teams from Fortune 500 companies are already using Noma's life cycle platform, which offers organizations data and AI supply chain security, AI security posture management, and AI threat detection and response.

After exploiting the Safari remote code execution flaw, tracked as CVE-2020-9802, for initial access, the updated LightSpy payload triggers an exploit chain with jailbreak and loader stages prior to malware core delivery on devices running on iOS...

Knee-jerk reactions to major vendor outages could do more harm than good.

Attackers leveraged pernicious ads to lure targets into downloading ZIP packages with the malicious Electron app in the guise of legitimate software, which downloads the SYS01 infostealer that primarily compromises Facebook credentials while...