Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known...

DOGE efficiency in action The upheaval at the US government's Cybersecurity and Infrastructure Security Agency, aka CISA, took another twist on Tuesday, as it moved to reinstate staffers it had...

Medusa ransomware now operates as a RaaS model, recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide.

PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware Infosec In Brief United States Federal Communications Commission chair Brendan Carr has unveiled plans to...

Agency tries to save face as it also pulls essential funding for election security initiatives Uncle Sam's cybersecurity agency is trying to save face by seeking to clear up what it's calling...

CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. [...]

Election infosec advisory center also shuttered Updated A penetration tester who worked at the US govt's CISA claims his 100-strong team was effectively dismissed after Elon Musk's Trump-blessed...

CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited...

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread.