Security Bulletin

Popular titles on both Google Play and Apple's App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.

The longer we avoid reform, the further behind we'll fall in AI innovation — and the more vulnerable we'll be.

Despite a law enforcement sweep last May, the sophisticated downloader malware is re-emerging.

Today our "First Seen" page displayed a number of simple URLs:

Cisco has always had an obsession of putting the user experience at the center of everything we do. Today marks another step in this evolution with Cisco Spatial Meetings for Apple Vision Pro. It takes a concept we call “Distance Zero” to the next...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation , as confirmed by Fortinet. CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability These types of...

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q3...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

If exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.

The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.