In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations.

On 2024-04-11, an incident was reported, involving an unknown actor, gaining initial access via Cloud native misconfig, while using Launch new cloud resources, Create or modify firewall or...

On 2024-04-11, an incident was reported, involving an unknown actor, gaining initial access via End-user compromise, while using Password spraying, Launch new cloud resources, MFA enrollment,...

On 2024-04-11, an incident was reported, involving an unknown actor, gaining initial access via Supply chain vector, while using Cloud key compromise, Cloud to on-prem lateral movement, to achieve...

On 2024-04-11, an incident was reported, involving an unknown actor, gaining initial access via End-user compromise, while using Cloud key compromise, Phishing, to achieve RansomOp.

On 2024-04-11, an incident was reported, involving an unknown actor, gaining initial access via End-user compromise, while using Cloud key compromise, to achieve Data exfiltration.

An unknown threat actor gained access to a self-hosted Gitlab instance used by Sisense, which stored credentials for an S3 bucket containing customer access tokens, passwords and SSL certificates.

Jet Protocol was a lending and borrowing protocol built on Solana. The function _market_value() is used to determine the total market value of the loans that had been taken out. So, if this...

We’re pushing for consolidation, bolstering our Cloud Detection and Response capabilities, and delivering on the promise of security operations for the cloud era.

The Wiz and Tines partnership combines the benefits of visibility and automation, creating an improved cloud security strategy.

Learn how to use the versatile, open source utility CyberChef. This 101 includes an overview, operations, real-world walkthrough, and resources.

As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims...

As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims...

Researchers has uncovered a decade-long botnet operation by a Romanian group dubbed RUBYCARP. This group focuses on financial gain through cryptomining, phishing, and DDoS attacks, utilizing...

On 2024-04-09, a campaign was reported, involving 0ktapus, gaining initial access via End-user compromise, while using Exfiltration via AWS Transfer, Exfiltration via AWS DataSync, Cloud API e, to...

On 2024-04-09, a research was reported, involving , gaining initial access via Cloud native misconfig, targeting Azure Storage to achieve Resp. disclosure.

Web servers are not exposing files on a server in a simple way anymore. Instead, they use proxy's, load balancers and fetch responses from other servers locally. Weird application routing can be...

Find out quickly where OS and open-source packages or libraries are deployed in your cloud environments and secure them before potential issues arise.

Chromium, the underlining browser engine that powers Opera, is highly customizable as a browser. The developers of the user facing browser can add custom APIs to it. Additionally, browsers have...

Chromium, the underlining browser engine that powers Edge, is highly customizable. For instance, there is a file called _api_features.json that stores permissions for vendor-specific APIs....

Wiz researchers discovered architecture risks that may compromise AI-as-a-Service providers and put customer data at risk. Wiz and Hugging Face worked together to mitigate the issue.

IBC on Cosmos is a generalized way for crosschain communication. In the case of Comdex, they were using IBC to get oracle price updates from Band. The IBC protocol itself is trustless and...

The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the...

The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the...

Morpho Blue is a lending protocol that took security extremely serious from the ground up. So, their perspective on how to make a protocol unhackable is truly interesting. For their security...

The Ethereum Virtual Machine (EVM) has EIPs for various large or VM breaking changing. At some specific point, these changes are made to the VM and are there until some other change is made. When...

Wiz found two critical security risks that were present in Hugging Face’s environment:Specifically, Wiz Research showed that an attacker targeting Hugging Face could have achieved the...

We explore assessment, prevention, and detection strategies for protecting your organization from the XZ Utils vulnerability.

Those who have worked in our industry for a certain amount of time will be acutely aware that executives often encounter information security media articles and flag them to their teams. This is...

At hacker congress this year, some of the folks found a vulnerability in the check in kiosk. Shocker! When checking in at the hotel terminal, the lookup function required an alphanumeric booking...