Security Bulletin

The last known cyberattack waged against Iranian infrastructure took place last December with the blame placed on Israel and the US.

Security pros say the Entra ID flaw could let attackers impersonate a user with Global Admin privileges, even the CEO.

Attackers have moved on from stealing passwords to stealing authentication tokens. Here's how the attacks work, and how to guard against them.

When it comes to this year's candidates and political campaigns fending off major cyberattacks, a lot has changed since the 2016 election cycle.

Users of Oracle's ERP for Web storefronts might not be aware of a misconfiguration which could put customer data at risk of exposure.

After loading a vulnerable driver, the utility uses a public exploit to gain privilege escalation and the ability to disable endpoint protection software.

Though it is possible for cyber disruptions to occur, CISA and the FBI say that ransomware will not impact casting or counting ballots.

Institutionalizing and sustaining fundamental cybersecurity practices requires a commitment to ongoing vigilance, active management, and a comprehensive understanding of evolving threats.

Paul Davis, Field CISO at Jfrog, delves into the critical challenges facing today’s information security leaders, particularly in securing development workflows.

Conducting a federal probe on TP-Link was noted by the lawmakers to be crucial following reports that known TP-Link firmware and instance vulnerabilities were leveraged by threat actors to compromise European government officials.

Attackers could have leveraged the issue in the Setuptools Python package — which is used to facilitate Python library management and installation in AI models — to enable arbitrary code execution via specially crafted package URLs.