Security Bulletin

The House voted against renewing Section 702 of FISA, a law that allows U.S. intelligence agencies to collect vast amounts of information, including data on Americans, to identify foreign threats.

The initiative offers up to $15 million in Claude credits, which are usage-based units for Anthropic's AI services.

Given plans to steer the California Department of Technology (CDT) towards incremental improvements with measurable returns, rather than large-scale, multi-year modernization projects, citing budget limitations.

The group's operation, dubbed Operation Highland, involved backdooring the Pluggable Authentication Modules (PAM) and OpenSSH components, which are fundamental to user authentication on Linux systems.

A recent analysis by Mysterium VPN revealed that over 21,000 live cameras are accessible online without any login credentials or security barriers.

The domains specialized in creating explicit content, often targeting famous women, including politicians, royalty, and entertainers.

The vulnerability, introduced 10 years ago, affects all versions of the 3.x and 4.x release branches up to the specified versions.

Attackers gained access to Novo Nordisk's internal IT systems, copying non-public data without authorization.

A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.

We are excited to announce that Deloitte Japan is beginning production validation of Cisco Foundation AI’s Foundation-sec-1.1-8B-Instruct model for its security operations. By using this security-focused, open-source large language model (LLM)......

Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos "made safe for general use," Anthropic explained.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.