IronMonkey Threat Research
All 25,443 articles — Page 797 of 849
Pulsedive Blog ·

Pulsedive is rolling out plan and pricing updates to Community products starting on March 11, 2024.

Cloud Threat Landscape ·

Researchers uncovered a malicious campaign targeting the Meson Network, a decentralized content delivery network (CDN) that leverages blockchain for bandwidth marketplace operations. This campaign...

Information Technology Transportation Systems
maxwelldulin ·

Seneca did virtually everything wrong and then got hacked. So, sort of a funny setup. Seneca was supposed to do an audit with Sherlock but was suddenly closed for code licensing issues. They...

Healthcare and Public Health
maxwelldulin ·

Woo is some sort of finance platform that is on various blockchains. Recently, they had deployed everything on Arbitrum. WOOFi has a system that adjusts the oracle prices based on trade value. By...

GreyNoise Labs ·

Introduction This blog will cover some basic vulnerability discovery methods for developing detections. In early February, Fortinet published two reports warning users of CVE-2024-23113 and...

fortinet vulnerabilities
Cloud Threat Landscape ·

On 2024-03-08, a research was reported, involving , gaining initial access via Cloud native misconfig, targeting S3 Bucket to achieve Resp. disclosure.

Cloud Threat Landscape ·

On 2024-03-08, a campaign was reported, involving Magnet Goblin, gaining initial access via 1-day vulnerability, targeting Ivanti Connect Secure VPN, Apache ActiveMQ, Magento, Qlik Sense with...

Wiz Blog | RSS feed ·

In a recent webinar hosted by Wiz, three esteemed CISOs shared their strategies for getting C-suite executives on board with plans for a comprehensive security program.

Information Technology
Blue Team Archives - Black Hills Information Security, Inc. ·

Be sure to read PART 1! Metadata and a New-Fashioned Bank Robbery Let’s face it, some cases are just more interesting than others and, when you do incident response for […] The post OSINT for...

Financial Services Information Technology Incident Response Informational
Threat Analysis Group (TAG) ·

This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q1 2024. It was last updated on July 8, 2024. January: We blocked 4 domains …

Wiz Blog | RSS feed ·

Detect and mitigate CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), authentication bypass vulnerabilities in JetBrains TeamCity.

@BushidoToken Threat Intel ·

In this blog, we shall investigate a Russia-based mercenary group that has appeared in multiple CERT-UA reports after sending waves of spam to Ukrainian organisations. These mercenaries use tried...

Armageddon Fancy Bear Financial Services Energy
Wiz Blog | RSS feed ·

Wiz customers can now secure everything they build and run on Akamai Linode Cloud, providing organizations the broadest cloud coverage out of any CNAPP.

Information Technology Chemical
Cloud Threat Landscape ·

Researchers observed threat actor z0Miner targeting Korean WebLogic servers as download servers for distributing malware, including miners and network tools. It is recommended to look for...

Cloud Threat Landscape ·

On 2024-03-06, an incident was reported, involving an unknown actor, gaining initial access via End-user compromise, while using Cloud key compromise, to achieve Data exfiltration.

Financial Services
Cloud Threat Landscape ·

Researchers observed threat actors exploiting misconfiguration in servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware, which uses worm-like behavior to...

ICS Medical Advisories ·

1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Santesoft. Equipment: Sante FFT Imaging. Vulnerability: Out-of-Bounds Write. 2. RISK EVALUATION: Successful...

Critical Manufacturing Healthcare and Public Health
maxwelldulin ·

Facebook has an extra security mechanism after logging in to ensure the user is valid. This could be a captcha, MFA but is commonly referred to as a checkpoint. This is implemented within an...

maxwelldulin ·

SolChat claimed to be an encrypted chat application and audio calls using WebRTC. So, the author decided to take a look at it. They first took to reviewing the JavaScript code. Since the JS map...

maxwelldulin ·

In the first two posts they found two vulnerabilities that were already patched in LayerZero. This time, they go through a vulnerability in a different section of code. When calling an external...

Energy Financial Services
maxwelldulin ·

In the first part, the author goes over how the EVM part of Layer Zero works. In this part, they go over some bugs that they found within the ecosystem. Being able to shut down an individual cross...

Transportation Systems Energy
The DFIR Report ·

Below is a recent Threat Brief that we shared with our customers. Each year, we produce over 20 detailed Threat Briefs, which follow a format similar to the below. Typically, …

maxwelldulin ·

Several folks wrote about issues to look for in Cosmos-based blockchains. I have a personal list of these but it's nice to see a large external list! Cosmos is built via writing Go code at the...

Energy Financial Services
maxwelldulin ·

zksync is a zero knowledge (ZK) project that was building out a ZK EVM. The contest had 1.1M in rewards. The winner Winnie had never touched ZK stuff before but decided to ramp up on it before the...

Critical Manufacturing Energy
maxwelldulin ·

Youssef specializes in finding vulnerabilities in client-side JavaScript code. Specifically, with Facebook integrations. In this article, he goes through a chain of issues that led to an account...

Maxwell Dulin's Resources ·

This article is a list of different ways to get window references. When doing client-side security, getting a reference to a window is a big way to cause havoc. First, looking at the window. Using...

Transportation Systems
security – Ars Technica ·

Worms could potentially steal data and deploy malware.

Financial Services Nuclear
McAfee Labs | McAfee Blogs ·

Authored by Yashvi Shah and Preksha Saxena McAfee Labs has recently observed a significant surge in the distribution of prominent... The post Rise in Deceptive PDF: The Gateway to Malicious...

Financial Services Government Facilities
maxwelldulin ·

LayerZero is a very large blockchain bridge that holds a large amount of value, as well as many cross-chain applications made by other developers. The functionality for calling is fairly simple on...

Energy
Wiz Blog | RSS feed ·

Wiz customers can now detect vulnerabilities in macOS workloads and their software components with agentless scanning, and assess their secure configurations against built-in CIS Benchmarks for Apple macOS.