Security Bulletin

CISA has added six new vulnerabilities to its  Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability CVE-2025-4428 Ivanti Endpoint...

Like .Net, AutoIT[ 1] remains a popular language for years in the malware ecosystem. It's a simple language that can interact with all the components of the Windows operating system. I regularly discover AutoIT3 binaries...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A couple years ago I published tool xorsearch.py for this diary entry: " Small Challenge: A Simple Word Maldoc - Part 4".

Insufficient policy enforcement could lead to data disclosure when loading malicious resources.

Cisco IOS XE offers advanced programmability and automation capabilities that simplify network management and reduce complexity. By utilizing open, standards-based APIs such as NETCONF, RESTCONF, and… Read more on Cisco Blogs

Coinbase is going Liam Neeson on its attackers, potentially setting a new precedent for incident response in the wake of crypto- and blockchain-targeting cyberattacks.

An internal error led to public disclosure of reams of sensitive data that could be co-opted for follow-on cyberattacks.

Scattered Spider and other phishers and hacking groups are using rentable subdomains from dynamic DNS providers to obfuscate their activity and impersonate well-known brands.

Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.

While most of the victims are based overseas, security pros say it’s plausible the group will also target North America.