Security Bulletin

The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE.

Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw.

The US Treasury's Financial Crimes Enforcement Network shared data showing how dramatically ransomware attacks have changed over time.

Peek inside the modern holiday workshop and explore how AI innovations transform the way teams work during one of the busiest times of year.

"Broadside" is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Software teams at Google and other Rust adopters see safer code when using the memory-safe language, and also fewer rollbacks and less code review.

Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn't a good idea.

Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.

A maximum-severity vulnerability affecting the React JavaScript library has been exploited in the wild, further stressing the need to patch now.

As quantum quietly moves beyond lab experiment and into production workflows, here's what enterprise security leaders should be focused on, according to Lineswala.

Megjelent a 2025. 49. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2025.11.28. és 2025.12.04. között kezelt incidensek, valamint az elosztott kormányzati IT biztonsági csapdarendszerből (GovProbe1) származó adatok statisztikai eloszlását is...