Security Bulletin

Two massive technical outages over the past year underscore the need for cybersecurity teams to consider how to recover safely from disruptions without creating new security risks.

This week, I noticed some new HTTP request headers that I had not seen before:

A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The emergence of Data Security Posture Management (DSPM) in early 2023, followed by major acquisitions by companies like IBM, Thales, and Palo Alto Networks, demonstrates industry recognition of the need for a more holistic approach to data...

In the "PhantomRaven" campaign, threat actors published 126 malicious npm packages that have flown under the radar, while collecting 86,000 downloads.

New research shows AI crawlers like Perplexity, Atlas, and ChatGPT are surprisingly easy to fool.

A subsidiary of Japanese marketing and PR giant Dentsu lost sensitive data to unidentified threat actors, the parent company said.

Firms using Azure infrastructure gained a reprieve from a security-focused switch that could have broken apps that relied on public Internet access.

Infamous botnets like Mirai are exploiting Web-exposed assets such as PHP servers, IoT devices, and cloud gateways to gain control over systems and build strength.

Cisco Marketplace helps IT teams modernize operations with curated integrations to automate tasks, cut alert noise, and connect workflows. Start now.

The best security training programs build strong security culture by focusing on high-risk groups, including developers, executives, and finance pros.