Security Bulletin

Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.

Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.

Last week, I posted a diary about suspicious Python modules. One of them was Firebase [ 1], the cloud service provided by Google[ 2]. Firebase services abused by attackers is not new, usually, it&#x27s used to host malicious files that will be...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A hidden feature could enable remote command execution using hard-coded credentials on home routers.

Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw.

The sanctions are unlikely to affect the growing network of criminals who lure victims into working for cybercrime sweat shops around the world.

A conference connecting defense industry professionals in the U.S. and Taiwan has come under attack from malware threat actors.

Three days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw.

Security pros say U.S. companies should stay vigilant as RansomHub remains active worldwide.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.