Information and Guidance
- Generative artificial intelligence - ITSAP.00.041
- Artificial Intelligence - ITSAP.00.040
- Joint cyber security advisory on pro-Russia hacktivists conducting opportunistic attacks on global critical infrastructure
- Ransomware
- Joint malware analysis report on Brickstorm backdoor
- Public content provenance for organizations (ITSP.10.005)
- Joint guidance on principles for the secure integration of artificial intelligence in operational technology
- Joint statement on malicious cyber activity targeting Canadian critical infrastructure
- Backgrounder: Malicious cyber activity targeting Canadian critical infrastructure
- The cyber threat to Canada’s water systems: Assessment and mitigation
The Hacker News RSS Feed
- CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
- Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
- Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
- New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
- Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work
- New React RSC Vulnerabilities Enable DoS and Source Code Exposure
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
- CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
- ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
- NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
News
- FreePBX security advisory (AV25–831)
- GeoServer security advisory (AV25-789) - Update 1
- Atlassian security advisory (AV25-830)
- Google Chrome security advisory (AV25-829)
- Drupal security advisory (AV25-828)
- GitLab security advisory (AV25-827)
- Jenkins security advisory (AV25-826)
- [Control systems] Schneider Electric security advisory (AV25-825)
- Ivanti security advisory (AV25-824)
- Adobe security advisory (AV25-823)
Cloud Security
- Securing Your Move to the Hybrid Cloud
- 380K Kubernetes API Servers Exposed to Public Internet
- Deep Dive: Protecting Against Container Threats in the Cloud
- Security Turbulence in the Cloud: Survey Says…
- Firms Push for CVE-Like Cloud Bug System
- Zero-Trust For All: A Practical Guide
- Rethinking Cyber-Defense Strategies in the Public-Cloud Age
- Protect Your Executives’ Cybersecurity Amidst Global Cyberwar
- Cyberattackers Put the Pedal to the Medal: Podcast
- Microsoft Zero-Days, Wormable Bugs Spark Concern