Security Bulletin

Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim's Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most...

ACROS Security has released free unofficial fixes for a zero-day flaw in Windows Themes, which could be leveraged to facilitate the remote compromise of NTLM credentials on devices running on Windows 7 to Windows 11 24H2.

Aside from enabling surveillance that curtails individuals' privacy rights, the UN cybercrime treaty — which has already been approved by the body's Ad Hoc Committee on Cybercrime — also requires the gathering and sharing of private internet user...

Increasingly prevalent state-sponsored intrusions have been partly fueled by escalating activities from both countries' non-state attackers, with Russia commonly tapping hacktivist groups and China partnering with universities and businesses in its...

Milan-based private investigations firm Equalize led by former top cop Carmine Gallo was reportedly behind the years-long hacking campaign, which was facilitated by bribes to police officers, remote access trojan compromise, and the breach of the...

Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this...

The Cisco 2024 Consumer Privacy Survey highlights awareness and attitudes regarding personal data, legislation, Gen AI and data localization requirements.

Celebrate the achievements of our partner ecosystem at Cisco Partner Summit 2024. Discover the outstanding performance of our global award winners and their impact on customers and communities.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The discoveries included three critical security vulnerabilities and 18 high-severity flaws.

Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.

At least two people responsible for operating the malware network that infected an estimated 1,200 servers.