Security Bulletin

Eclypsium, the enterprise firmware and hardware security firm that discovered the flaws, analyzed three firewall models: PA-3260, PA-1410, and PA-415, and reported that all were affected by the BootHole vulnerability, a GRUB2 bootloader flaw that...

The issue was described as a microcode signature verification vulnerability and could potentially allow unauthorized microcode to bypass verification mechanisms and be loaded into affected CPUs.

The tool's latest features focus on proactive prevention of account compromise and enhanced threat response capabilities, as well ways to make these capabilities available to a broader range of customers.

The new security tool is integrated into the company's Edge browser and uses machine learning and computer vision to identify fraudulent full-screen pop-ups that trick users into installing malware or purchasing unnecessary software.

The flaw could have allowed threat actors to take control of user accounts, enabling them to impersonate targets when booking or canceling reservations and using victims' airline loyalty points.

Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.

Learn how IPv6 is finally gaining momentum, offering fresh opportunities as we move beyond the limits of IPv4.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation , as confirmed by Fortinet. CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability These types of...

Attackers like to mix multiple technologies to improve the deployment of their malicious code. I spotted a small script that drops a Python malware. The file was sent on VirusTotal and got a score of 2/60![ 1] (SHA256...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

White House press secretary calls DeepSeek's emergence a "wake-up call for the American AI industry."

Cybersecurity can't always be "Department of No," but saying yes all the time is not the answer. Here is how to enable innovation gracefully without adding risk to the organization.