Security Bulletin

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability CVE-2024...

I found a sample that is a Word document with an embedded executable. I'll explain how to extract the embedded executable with my tools.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The corrupted files evade security systems but are easily recovered to deliver phishing links.

To move beyond the challenges of "Shadow AI," organizations are looking to AI-powered productivity tools and solutions.

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

Insurance companies often want basic requirements met before they'll give you cybersecurity coverage. Here’s what you'll need to qualify.

Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.

AWS Security Incident Response will help security teams defend organizations from security threats such as account takeovers, breaches, and ransomware attacks.

eSentire’s Chief Cyber Resilience Officer discusses her journey, the importance of mentorship, and how inclusivity and innovation are shaping the future of cybersecurity.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.