Security Bulletin

Software teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files.

While law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc.

Security leaders are increasingly challenged to adopt AI for protection while bracing for the new risks it introduces, as adversaries weaponize the same technology with alarming speed and precision, SiliconAngle reports.

A 25-year-old California man, Ryan Kramer, has pleaded guilty to infiltrating Disneys internal communications and stealing over 1.1 terabytes of confidential data by deploying malware disguised as an AI image generation tool, BleepingComputer reports...

A possible cyberattack on Polands state registry systems on Wednesday temporarily disrupted access to key digital government services, including identity verification and tax reporting platforms, according to a report by The Record, a news site by...

The Record, a news site by cybersecurity firm Recorded Future, reports that Apple has alerted users in 100 countries that their devices were targeted by sophisticated spyware, part of a global wave of mercenary surveillance attacks.

Gutting CISA won't just lose us a partner. It will lose us momentum. And in this game, that's when things break.

A cyber incident has severely disrupted digital infrastructure at Bartlesville Public Schools in Oklahoma, halting state testing and prompting an urgent investigation, the Bartlesville Examiner-Enterprise reports.

Pro-Russian hacktivist group NoName057(16) has been linked to a wave of distributed denial-of-service (DDoS) attacks targeting multiple public and private organizations across the Netherlands, BleepingComputer reports.

BleepingComputer reports that security researchers have uncovered seven malicious Python Package Index packages leveraging Gmail's SMTP servers and encrypted WebSocket connections to exfiltrate data and execute remote commands on infected systems.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability CVE-2024-58136 Yiiframework Yii Improper Protection...

Facing a politically motivated Justice Department investigation, former CISA director Chris Krebs was warmly welcomed at the RSAC conference as he led a panel discussion of national-security luminaries.