Guides, playbooks, and learning resources to level up your cybersecurity knowledge and keep your organization secure.
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering a legitimate user to import a specially crafted trace file
The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation.
Phishing floods overwhelm SOC analysts; with 66% unable to keep up, attackers hide spear-phishing in alert queues, increasing breach risk.
The security defects could lead to denial-of-service (DoS) conditions, command execution, or device takeover.
Apple backports CVE-2023-43010 WebKit fix after Coruna exploit kit abused iOS flaws, protecting older iPhones and iPads from memory corruption attacks
The bugs allowed unauthenticated attackers to execute arbitrary code, steal credentials, and take over servers.
The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement.
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Ob...
CISA adds n8n RCE flaw CVE-2025-68613 to KEV after active exploitation; 24,700 exposed instances raise compromise risk.
No description available.
[This is a Guest Diary by Adam Thorman, an ISC intern as part of the SANS.edu BACS program]
A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within minutes, giant woodpecker images are…
