Security Bulletin

The goal is to apply psychology principles to security training to change behaviors and security outcomes.

Researchers find it takes far less to manipulate a large language model's (LLM) behavior than anyone previously assumed.

Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets.

NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.

As AI raises the stakes for energy efficiency, precision is paramount. Discover how Cisco researchers have achieved a breakthrough in power measurement accuracy—paving the way for substantially smarter infrastructure decision-making.

Discover how leading IT teams are transforming wireless networks with AI-driven intelligent automation, real-time optimization, and streamlined access control. Learn about the latest Cisco innovations that deliver seamless, secure, and reliable Wi-Fi...

Starting yesterday, some of our honeypots received POST requests to "/cgi-bin/webctrl.cgi", attempting to exploit an OS command injection vulnerability:

Thanks to improving cybersecurity and law enforcement action from the West, Russia's government is reevaluating which cybercriminals it wants to give safe haven from the law.

The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros.

CVE: CVE-2025-8677 Title: Resource exhaustion via malformed DNSKEY handling Document version: 2.0 Posting date: 22 October 2025 Program impacted: BIND 9 Versions affected: BIND 9.18.0 -> 9.18.39 9.20.0 -> 9.20.13 9.21.0 -> 9.21.12 BIND Supported...

CVE: CVE-2025-40780 Title: Cache poisoning due to weak PRNG Document version: 2.0 Posting date: 22 October 2025 Program impacted: BIND 9 Versions affected: BIND 9.16.0 -> 9.16.50 9.18.0 -> 9.18.39 9.20.0 -> 9.20.13 9.21.0 -> 9.21.12 BIND Supported...

CVE: CVE-2025-40778 Title: Cache poisoning attacks with unsolicited RRs Document version: 2.0 Posting date: 22 October 2025 Program impacted: BIND 9 Versions affected: BIND 9.11.0 -> 9.16.50 9.18.0 -> 9.18.39 9.20.0 -> 9.20.13 9.21.0 -> 9.21.12 BIND...