Security Bulletin

The latest GenAI jailbreak technique tricks chatbots into returning restricted content by blending different prompt topics together.

Until CEOs and boards prioritize learning more about mitigating threats, organizations are leaving themselves and their businesses open to the potential for disaster.

Autobell disclosed in a statement that its employees and customers may have had their full names, addresses, Social Security numbers, driver's license numbers, tax identification numbers, passport numbers, medical details, health insurance...

Organizations impacted by Mallox ransomware, also known as TargetCompany, Fargo, and Tohnichi, could leverage the decryption tool for files encrypted with the .mallox, .malloxx, .mallab, .malox, .ma1xo, .xollam, and .bitenc extensions between 2023...

Such a demand from Rhysida, which has an Oct. 30 deadline, comes a week after Easterseals disclosed in a filing with the Office of the Maine Attorney General that 14,855 individuals had their information, including their full names, addresses, Social...

Attacks leveraging the SharePoint bug, which could result in remote code execution, have prompted the bug's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to...

Impacted FortiGate devices had their configuration data, user information, and FortiOS256-hashed credentials exfiltrated as a result of the intrusions, a report from Google Cloud Mandiant showed.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: iniNet Solutions Equipment: SpiderControl SCADA PC HMI Editor Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383 RoundCube Webmail Cross-Site Scripting...

Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: VIMESA Equipment: VHF/FM Transmitter Blue Plus Vulnerability: Improper Access Control 2. RISK EVALUATION Successful...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: low attack complexity/public exploits are available Vendor: Deep Sea Electronics Equipment: DSE855 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful...