Security Bulletin

It’s remarkable what can be achieved when a motivated global team is aligned with a clear mission. At Cisco, our purpose is to power a more inclusive future for all. And within Cisco Legal, we live this purpose through pro bono. When we published our...

The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.

Over the last month, two hurricanes barely missed me. Luckily, neither caused me any significant inconvenience. Sadly, others were not as lucky, and I think this is a good time to do a little "Lessons Learned" exercise. It made me reconsider some of...

The future of application security is no longer about reacting to the inevitable — it's about anticipating and preventing attacks before they can cause damage.

Attackers with at least "manager" privileges could leverage the BIG-IP vulnerability, tracked as CVE-2024-45844, to facilitate privilege escalation and systems compromise.

Only 12% of critical infrastructure professionals disclosed ransomware attacks against their organizations during the past 12 months, with half of the intrusions affecting either the OT network alone or both IT and OT networks.

Attackers leveraged a Nidec Precision employee's valid VPN account credentials to infiltrate the firm's server, enabling the exfiltration of more than 50,000 files, all of which remain unencrypted, including internal files, green procurement-related...

Advanced malware injection attacks have been conducted by threat actors against at least three reputable Radiant Capital contributors' devices, which were later leveraged to validate malicious transactions.

"At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published," said Cisco, which emphasized that none of its systems have been compromised and that users'...

Attackers targeted a government organization in a country part of the Commonwealth of Independent States with an email containing a concealed attached document and distinct tags within its body that facilitate arbitrary JavaScript execution.

Internet Archive's latest breach was noted by the threat actor to have stemmed from the digital library nonprofit's failure to rotate its authentication tokens.

Initial access in a pair of intrusions part of the attack campaign involved Crypto Ghouls utilizing a VPN and a contractor's login credentials, followed by the exploitation of NSSM and Localtonet for remote access.