Security Bulletin

More than a million households, primarily in Russia, had their credentials, logs, network configurations, and other sensitive details leaked following the compromise of network equipment vendor Keenetic's Mobile App database, Cybernews reports.

The Cloak ransomware operation has laid claim on a significant cyberattack against the Virginia Attorney General's Office last month, reports SecurityWeek.

Threat actors have abused the vulnerable vsdatant.sys kernel-level driver within the Check Point ZoneAlarm antivirus version released in 2016 to exfiltrate account credentials as part of a Bring Your Own Vulnerable Driver attack, according to...

Malware executables are being increasingly code-signed with three-day certificates using the Microsoft Trusted Signing service as threat actors seek to establish legitimacy and prevent thwarting by security systems, according to BleepingComputer.

Staring long enough at honeypot logs, I am sure you will come across one or the other "oddity." Something that at first does not make any sense, but then, in some way, does make sense. After looking at the Next.js issue yesterday, I looked through...

Cisco and the UK AI Security Institute partnered with NIST to release the latest update to the Adversarial Machine Learning Taxonomy.

A threat actor posted data on BreachForums from an alleged supply chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.

As the region continues with its ambitious road map, cybersecurity must be woven into every step of the process.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Walking my dog earlier, I came across the sign on the right. Having just looked at yet another middleware/HTTP header issue (the Next.js problem that became public this weekend) [1], I figured I should write something about HTTP headers. We all know...