Security Bulletin

Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents can become your biggest security assets.

Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia's research labs.

DARPA's Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale.

A lot of people like the command line, the CLI, the shell (name it as you want) because it provides a lot of powerful tools to perform investigations. The best example is probably parsing logs! Even if we have SIEM to ingest and process them, many...

At one point, Al-Tahery Al-Mashriky was hacking thousands of websites within the span of three months while stealing personal data and sensitive information.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Detailed spear-phishing emails sent to European government entities in Seoul are being tied to North Korea, China, or both.

The goal of the Quantum-Safe Program is to ensure that by 2033, all Microsoft products and services are safe by default from quantum-based attacks.

Executive Summary What began as a DevNet-led initiative to enable secure, compliant e-commerce for DevNet certification collateral and preparation materials has since evolved into a foundational framework benefiting Cisco at large. Over two years...

The security risks posed by fake employees are particularly severe when they secure IT positions with privileged access and administrative permissions.

The vulnerabilities themselves aren't new, but are being exploited in a novel manner that could lead to a "devastating attack."

Trend Micro's Salvatore Gariuolo talks with the Black Hat USA 2025 News Desk about how the new ISO 15118 standard for electric vehicle smart charging and vehicle-to-grid communications can be weaponized by threat actors.