Security Bulletin

More than half of organizations surveyed aren't sure they can secure non-human identities (NHIs), underscoring the lag between the rollout of these identities and the tools to protect them.

Discover how historic federal investments and trusted partnerships are empowering Tribal Nations to bridge the digital divide, build digital sovereignty, and drive economic empowerment.

The country deploys "cyber-enabled kinetic targeting" prior to — and following — real-world missile attacks against ships and land-based targets.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures.

Researchers built an inexpensive device that circumvents chipmakers' confidential computing protections and reveals weaknesses in scalable memory encryption.

The actor behind the "Contagious Interview" campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users.

State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.

Overview DNSSEC-signed zones offer protection against response spoofing to both DNSSEC-validating resolvers and authoritative DNS zone operators who choose to sign their published zones. NSEC and NSEC3 are the mechanisms within DNSSEC used to provide...

Despite possibly supplanting some young analysts, one Gen Z cybersecurity specialist sees AI helping teach those willing to learn and removing drudge work.

Previously, we provided full text copies of the release notes for each version of Kea here in our KB. However, since they are always available directly from our downloads site at https://downloads.isc.org/isc/kea/ and Read the Docs, we felt it would...

A new ClickFix variant ratchets up the psychological pressure to 100 and addresses some technical mitigations to classic ClickFix attacks.