Security Bulletin

A changing regulatory and enforcement environment means the smart CISO might need to shift how they work this year.

Three Microsoft applications can leak hashed passwords in just one or two clicks, researchers say.

Ivanti reported that it believes malicious code has been added to exploited Connect-Secure and Policy Secure products that allows a threat actor future access, even after mitigation is applied.

Attackers have increasingly leveraged the widely used remote access tool, installed on hundreds of millions of endpoints, to break into victim environments.

A month on from a retail conglomerate's data breach, it's still not clear exactly what the hackers stole, but impacted brands include Dickies, Northface, Timberland, Vans, and more.

This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q4 2023. It was last updated on January 19, 2024.OctoberWe terminated 8 Y…

The industry needs to break away from old-style certifications and focus more on continuous improvement, hands-on training, and realistic simulations.

Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it.

Russia-backed threat group targeting critical infrastructure and leading NGOs and NATO governments, including attacks on U.S. nuclear research facilities.

An IANS survey shows that CISOs shoulder more and more legal and regulatory liability for data breaches, but few are getting the recognition or support they need.

The Charming Kitten-related cyber-espionage group is posing as legitimate journalists and researchers to get intel on the Israel-Hamas war.

Australia's Essential Eight Maturity Model still doesn't address key factors needed to protect today's cloud and SaaS environments.