Security Bulletin

Researchers uncovered a vulnerability that could have placed millions of Google Cloud instances at risk of remote hijack.

The latest Secure by Design alert from CISA outlines recommended actions security teams should implement to reduce the prevalence of cross-site scripting vulnerabilities in software.

Security pros say KBs can be easily misconfigured – data on more than 1,000 KBs exposed.

A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.

The Eastern European group is actively expanding its financial fraud activities, with its pipelines representing a veritable Silk Road for the transfer of cryptocurrency, and lucrative and exploitable data.

US State Department warns that Kremlin-backed media outlets in democracies around the world are hiding Russian cyber spies and actively working to sow discord.

Hydden's platform detects and classifies an organization's identities, accounts, and privileges, regardless of where they reside in the IT environment.

Despite more US sanctions against spyware operators, Apple decided the cost in terms of disclosures about its own anti-spyware efforts was too great.

Threat actors could exploit a vulnerability in Google Cloud's Document AI service to facilitate data exfiltration, reports SiliconAngle.

Hackread reports that UK-based experiential marketing and promotional staffing service provider Experience Engine had its systems purportedly breached this month by IntelBroker, which has been peddling the stolen data on BreachForums.

More than 88,000 individuals had their personal and health information stolen following a cyberattack against New Hampshire-based healthcare provider Access Sports Medicine & Orthopaedics in May, which has been claimed by the INC Ransom ransomware-as...