Security Bulletin

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I spotted another interesting file that uses, once again, steganography. It seems to be a trend (see one of my previous diaries[ 1]). The file is an malicious Excel sheet called blcopy.xls. Office documents are rare these days...

The House Democrats asked for a full assessment of the NVD and CVE systems.

Without new frameworks, agentic AI threatens to overwhelm identity systems with complexity and risk.

The multimodal Nytheon AI platform is advertised on criminal forums and Telegram channels.

A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January.

While there was still no evidence of exploitation, Trend Micro advises customers to patch right away.

Researchers say the latest vehicle for covert data extraction from secured systems could be sitting on your wrist.

Here’s five ways to set up a coding operation that reflects the growing presence of AI.

Proofpoint researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts.

The Hacker News reports that ongoing security issues have prompted ConnectWise to schedule a rotation of digital code signing certificates for ScreenConnect, ConnectWise Remote Monitoring and Management, and ConnectWise Automate executables.