We’re excited to announce the release of a comprehensive guide to mastering Google Cloud Security.
On 2024-03-25, an incident was reported involving an unknown actor gaining initial access via End-user compromise, targeting GitHub to achieve Supply chain attack.
Different nodes in a blockchain need to always arrive at the same state for the network to work. If the network is split in some way, then it will not be able to come to consensus, taking the...
FortiGate is an SSL VPN. Recently, they described a vulnerability in their firmware that could lead to RCE. So, the authors of this post diffed the two versions, found the bug and exploited it....
Deri is a derivatives protocol on various EVM platforms. Users can add/remove margin, trade, and use other functionality through the Gateway contract. When removing margin, the user calls the...
Memory Tagging Extensions (MTE) is a memory-corruption protection that was widely considered to be a killer of these types of bugs. The idea is to use the upper bits of a 64-bit pointer to give a...
We provide top takeaways from the NSA's recommended top ten cloud security mitigation strategies.
TL;DR – While on an assessment, I found an instance of ReCrystallize Server. It had many problems, some of which had to do with insufficient hardening on the client’s side while others were new...
On 2024-03-22, a campaign was reported involving UNC5174 gaining initial access via 1-day vulnerability while using Vulnerability exploitation, targeting ConnectWise ScreenConnect, F5 BIG IP,...
Substrate is a framework for building application-specific blockchains within the Polkadot ecosystem, written in Rust. Each new chain inherits the security of the main chain, which is why it's a...
Wiz presents a comprehensive guide to mastering cloud security at financial services organizations.
On 2024-03-21, research was reported, involving , gaining initial access via Cloud native misconfig, targeting S3 Bucket to achieve Resp. disclosure.
Use the Wiz App to consume and analyze data more easily in Splunk via a dedicated dashboard.
Organizations can now improve their mean time to remediate (MTTR) with AI-generated remediation steps.
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
On 2024-03-19, a campaign was reported involving an unknown actor gaining initial access via 1-day vulnerability while using LOLBin abuse, targeting TeamCity to achieve Resource hijacking,...
Secure your applications across the SDLC by deploying only trusted images and monitoring your Kubernetes control plane in near-real time to detect potential threats.
Locks being controlled by computers are great, until you realize that they are subject to security vulnerabilities like everything else. This post goes through hacking a smart lock through various...
Aiohttp is a widely used open-source library for handling concurrent HTTP requests in Python applications. The ransomware group ShadowSyndicate has been scanning for servers vulnerable to...
The Content Security Policy (CSP) is a mechanism for restricting various components of a web page to prevent attacks. GitHub revamped its CSP in 2016, and this is its article explaining...
Authored by ZePeng Chen and Wenfeng Yu. The McAfee Mobile Research Team has observed an active scam malware campaign targeting Android... The post Android Phishing Scam Using Malware-as-a-Service on...
Oracle Cloud Infrastructure customers can now effectively protect their sensitive data with Wiz’s Data Security Posture Management (DSPM) capabilities.
NamespaceHound is an open-source tool for detecting the risk of potential namespace crossing violations and anonymous access opportunities in multi-tenant clusters.
GPUs are parallel and fast co-processors. They are designed to handle high-throughput graphics and machine learning workloads. GPUs are made up of compute units for various computations, all of...
Sonar Source people go crazy on web security issues! Definitely one of the best blogs to read through for cutting edge security research. In this case, they have a wild XSS in the Joomla CMS. The...
In January 2024, a new vulnerability burst onto the scene - CVE-2023-22527. As the next rising star, it came in with a blast, turning heads and creating buzz. “Atlassian Confluence bugs are often...
Monitor code for sensitive data to reduce the risk of accidental exposure or compliance violation.
Test your investigation skills and K8s network knowledge in a new CTF event: the K8s LAN Party Challenge!
Carriage Return - Line Feed (CRLF) or response splitting is a vulnerability where a newline can be added to an HTTP response in order to modify it. For instance, it can be used to change incoming...
Pulsedive is rolling out plan and pricing updates to Community products starting on March 11, 2024.