Security Bulletin

NTT Com disclosed that immediate action was taken to disconnect a pair of breached devices.

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability CVE-2024-57968 Advantive VeraCore Unrestricted File Upload...

Microsoft has identified a complex, malvertising-based attack chain that delivered Lumma and other infostealers to enterprise and consumer PC users; the campaign is unlikely the last of its kind.

I returned from another FOR610[ 1] class last week in London. One key tip I give to my students is to keep an eye on "strange" API calls. In the Windows ecosystem, Microsoft offers tons of API calls to developers. The fact that an API is used in a...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Looking over some weblogs on my way back from class in Baltimore, I feel a reminder is appropriate that (a) weblogs are still a thing and (b) what some of the common webshells are that attackers are looking for.

Speakers at the Keyfactor Tech Days conference tackled the problems of the software supply chain and how best to solve them.

Speaking in an address to Congress, Trump slammed the act, calling it a “horrible, horrible thing.”

The FBI is warning of a ransomware operation targeting C-suite executives via the US Postal Service.