Security Bulletin

Vulnerability prioritization has evolved over the years. Several frameworks exist to help organizations make the right decisions when it comes to deciding which patches to apply and when. But are these better than a Magic 8 Ball?

Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and...

Such breaches, which were pinned on the dismal security measures of Marriott and subsidiary Starwood Hotels & Resorts, resulted in the exfiltration of individuals' email addresses, birthdates, and other personal details, as well as their passport...

Most serious of the resolved vulnerabilities was the critical OS command injection issue, tracked as CVE-2024-9463, which could be exploited to expose firewalls' usernames, cleartext passwords, API keys, and configurations.

Included in the 6.4 GB SQL database were Internet Archive members' email addresses, usernames, Bcrypt-hashed passwords and password change timestamps, as well as other internal details as recent as September 28, when the attack was believed to have...

Announcing the U.S. Fast Future Innovation Awards (FFIA)—the hunt for groundbreaking ideas that leverage AI to make a tangible impact. Whether your passion lies in education, sustainability, hybrid work, cybersecurity, healthcare, or critical...

While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management...

Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats, have been leveraged to facilitate the download of self-extracting password-protected archives.

While threat actors continued to impersonate employers on job search platforms to lure software developers into participating in an online interview that would be followed by BeaverTail malware compromise, more recent attacks entailed the deployment...

Threat actors leveraged social engineering techniques to lure targets into executing a malicious MSI installer-spoofing LNK file that would run an obfuscated script, which ensures persistence and downloads the VSCode command-line interface in the...

Cisco's AI Security Portal contains resources to help you secure your AI implementation, whether you're a seasoned professional or new to the field.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...