Security Bulletin

An employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader.

For the first time, the Cisco Validated team will have a dedicated zone at Cisco Live San Diego, June 8–12, 2025.

The threat group games IT help desks to gain entry into retailer networks, and signs show it has shifted its attention from the UK to US targets.

Cisco’s comprehensive security portfolio empowers partners to deliver seamless, innovative solutions that drive customer success. By simplifying security and enabling growth, we help partners achieve greater profitability and competitive advantage.

Since December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites.

Organizations that stay ahead of attacks won't be the most compliant ones — they'll be the ones most honest about what actually works.

Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.

We have been using our data to identify researchers scanning the internet for a few years. Currently, we are tracking 36 groups performing such scans, and our data feed of the IP addresses used contains around 33k addresses [1].

While the financial terms were not disclosed, the deal is believed to be worth tens of millions and marks a shift for Orca from visibility and risk prioritization to full-scale autonomous remediation.

While AI investment in India is booming, expected to generate $115 billion in economic value by 2027, Tenable found critical missteps, including 77% of Vertex AI Notebook users failing to reconfigure default permissions and 70% of workloads...

The collaboration allows security teams to gain deeper insight into API vulnerabilities and posture issues by embedding Salt’s threat intelligence into the Wiz security graph.

The initiative blends Google Cloud’s real-time security analytics with insurer expertise to offer more personalized and competitively priced cyber insurance coverage, including protections against AI-related threats and quantum-enabled attacks.