Security Bulletin

Despite its good intentions, many experts said the bill took a flawed approach to regulating AI safety.

Critics viewed the bill as seeking protections against nonrealistic "doomsday" fears, but most stakeholders agree that oversight is needed in the GenAI space.

A team of security researchers discovered a vulnerability that allows for Kia cars to be remotely compromised with nothing more than a license plate number.

CISOs for US states face the same kinds of challenges those at private companies do: lots of work to handle, but not necessarily enough money or people to handle it sufficiently well.

The cyberattackers allegedly stole information from US campaign officials only to turn around and weaponize it against unfavored candidates.

The US Federal Energy Regulatory Commission spells out what electric utilities should do to protect their software supply chains, as well as their network "trust zones."

For development teams awash in vulnerability reports, reachability analysis can help tame the chaos and offer another path to prioritize exploitable issues.

Midsize accounting firm takes nearly a year to notify customers of a breach.

One of the problems I've had since I originally wrote mac-robber.py [ 1][ 2][ 3] seven years ago is that because of the underlying os.stat python library we couldn't get file creation times (B-times). Since the release of GNU...

Microsoft warns that ransomware group Storm-0501 has shifted from buying initial access to leveraging weak credentials to gain on-premises access before moving laterally to the cloud.

On the first night of BlackHat USA, I made conversation with a few friendly penetration testers who were perplexed when I told them I was a developer. Why would I be at a cybersecurity conference? …What was I hoping to get out of it? My general (and...