Security Bulletin

With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after.

The Federal Trade Commission has been sought by Sens. Ron Wyden, D-Ore., and Ed Markey, D-Mass., to launch an investigation into major automakers' driver location data sharing practices after a congressional probe showed that only five of 14 car...

Microsoft recorded 1,228 security vulnerabilities in 2023, representing a 5% decline from the year prior and the steady prevalence of reported security issues since 2020, TechRepublic reports.

SecurityWeek reports that online open-source service Judge0 used for arbitrary code execution within a sandbox has been impacted by three critical vulnerabilities, which could be leveraged to facilitate sandbox escapes, privilege escalation, and...

The Philadelphia Inquirer has confirmed that 25,549 individuals had their personal and financial details exfiltrated following a cyberattack last May, according to BleepingComputer.

Major U.S. multinational financial services firm JPMorgan had information from more than 450,000 of its customers compromised following a data breach in August 2021, reports Cybernews.

BleepingComputer reports that hacked WordPress sites have been used as relay command-and-control servers by the novel Wpeeper Android malware, which has been spread via a pair of app stores impersonating the Uptodown App Store and is believed to have...

Threat actors have leveraged Microsoft Azure and Cloudflare lures to facilitate phishing campaigns deploying the Latrodectus malware downloader, also known as IceNova and Unidentified 111, BleepingComputer reports.

More than three million of 4.79 imageless repositories uploaded to Docker Hub over the past five years have been leveraged to target the container registry's users in three separate malicious campaigns, reports The Hacker News.

Kea Hook Library Packages Kea Hooks are separate libraries that can be optionally installed with Kea to provide additional functionality. Some of the Kea hooks are licensed under the MPL 2.0 open source license, and are packaged with the open source...

Today, CISA, in collaboration with U.S. and international partners, published a joint fact sheet, Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity. This fact sheet provides information and mitigations associated with cyber...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-7028 GitLab Community and Enterprise Editions Improper Access Control Vulnerability These types of vulnerabilities...