Security Bulletin

Dutch information services firm Wolters Kluwer which counts American Airlines, BP, Boeing, and other Fortune 500 firms among its clients had its systems claimed to have been compromised in a cyberattack, which allegedly resulted in the theft of...

Organizations leveraging the Rockwell Automation Industrial Data Center, Inaba Denki Sangyo CHOCO TEI WATCHER mini-industrial cameras, and Hitachi Energy MicroSCADA Pro/X SYS600 have been urged by Cyble to remediate various critical and high-severity...

Rapid7 researchers have disclosed how attacks aimed at vulnerable Ivanti Connect Secure VPN instances impacted by the critical flaw, tracked as CVE-2025-22457, could result in remote code execution less than a week after a Chinese threat operation...

Already patched Fortinet FortiGate devices impacted by the CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762, continued to provide read-only access to threat actors who established a symbolic link between the user file system and root file system in...

Cybernews reports that major cybercrime forum Cracked.io has resumed operations under the new Cracked[.]sh domain over two months after it was sequestered alongside three other dark web marketplaces as part of the international law enforcement effort...

Stealthier Tycoon2FA phishing kit appears as PhaaS platforms fuel SVG exploitation Threat detection and endpoint security systems are being better evaded by a new iteration of the Tycoon2FA phishing-as-a-service kit, reports BleepingComputer.

DigitalOcean executives describe how they automated and streamlined many of the identity and access management functions that had been previously handled manually.

Cisco and Endace provide Security Operations Center services at RSAC™ 2025 Conference. Sign up for a tour and see what happens in the SOC.

As promised in diary entry " XORsearch: Searching With Regexes", I will outline another method to search with xorsearch and regexes.

A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Two weeks ago, version 1.3.0 of Langflow was released. The release notes list many fixes but do not mention that one of the "Bug Fixes" addresses a major vulnerability. Instead, the release notes state, "auth current user on code validation." [1]