Security Bulletin

When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.

Such postponement comes after Recall was subjected to several delays since June due to security concerns associated with the feature, which has since been allayed by Microsoft with its assurances of an opt-in experience, a completely encrypted...

Infiltration of systems belonging to Mystic Valley, which caters to older adults and people with disabilities, have enabled the exfiltration of names, birthdates, Social Security numbers, payment card and financial account numbers, passport numbers...

The U.S. Commerce Department has been urged by Sen. Ron Wyden, D-Ore., to bolster the already robust proposed U.S. tech rules that would prevent the utilization of the country's surveillance tools in repressive countries amid concerns of potential...

Such a vulnerability, which arises from an insufficient security hash check vulnerable to brute-forcing, could be successfully abused with the activation of certain configurations within the plugin's crawler feature.

Attacks exploiting the authentication weakness within the 'lighthttpd' server, tracked as CVE-2024-8957, and the insufficient input sanitization bug, tracked as CVE-2024-8957, could enable camera hijacking and bot compromise, as well as further...

Such an intrusion has prompted automated delivery of the malicious lottie-player NPM package versions among users who obtained the library through third-party content delivery networks.

Iranian cyber operation Emennet Pasargad was noted by the FBI, Department of Treasury, and the Israel National Cyber Directorate to have leveraged updated tradecraft, such as IP camera breaches and generative artificial intelligence, in recent...

Attacks involved the use of Rich Communication Services messages indicating false payments that included links redirecting to websites spoofing government agencies, postal services, and banking entities, including the U.S. Postal Service, Linkt, and...

After Quad7's successful exfiltration of targeted systems' passwords through a limited number of sign-in attempts meant to evade detection, Storm-0940 immediately utilized the stolen credentials to breach networks, conduct credential dumping, and...

"See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.