KyberSwap is a CLMM that was implemented from scratch. Concentrated Liquidity Market Makers (CLMM) are market makers where the liquidity is provided only within narrow bands. This allows for...

O3 is a multi-service DeFi project with bridging solutions for 10+ chains. It functions as a fairly classic bridge: send tokens to bridge contract on chain A, then a mint the representation on...

On 2023-12-15, an incident was reported, involving an unknown actor, gaining initial access via End-user compromise, while using Erase logs, Disable logging, Reverse shell, to achieve Data exfiltration.

"I was presented with 88 consoles from another account," one user reports.

We're giving kudos to the security teams at high-growth organizations who are successfully taming their cloud environments, despite limited budget and resources.

Max Groot & Erik Schamper TL;DR Introduction During incident response engagements we often encounter antivirus applications that have rightfully triggered on malicious software that was deployed...

Max Groot & Erik Schamper TL;DR Introduction During incident response engagements we often encounter antivirus applications that have rightfully triggered on malicious software that was deployed...

On 2023-12-14, a campaign was reported, involving GambleForce, gaining initial access via Web vulnerability, 1-day vulnerability, while using SQL injection, to achieve Data exfiltration.

On 2023-12-13, a campaign was reported, involving APT29, gaining initial access via 1-day vulnerability, targeting TeamCity to achieve Data exfiltration.

The whole of information/cyber security is founded on the idea that we can defend ourselves into security. But in the history of competitive endeavours nobody has won by playing defence alone. We...

Introduction 2023 was packed with a multitude of significant events that caused many to rethink their entire security strategies, especially their vendors and their team size. Unfortunately, we...

On 2023-12-12, a campaign was reported, involving Storm-1283, gaining initial access via End-user compromise, while using OAuth app creation, OAuth app hijack, to achieve Resource hijacking.

On 2023-12-12, an incident was reported, involving an unknown actor, gaining initial access via Insider threat, to achieve Data destruction.

Being a digital forensics and incident response consultant is largely about unanswered questions. When we engage with a client, they know something bad happened or is happening, but they are […]...

On 2023-12-07, a campaign was reported, involving Krasue operator, gaining initial access via Unknown, to achieve Data exfiltration. The following tools were observed: Krasue.

On 2023-12-06, a research was reported, involving , gaining initial access via End-user compromise, while using Package hijacking, to achieve Resp. disclosure.

Schneier: AI will enable a shift from observing actions to interpreting intentions, en masse.

Learn why Frost & Sullivan's Frost Radar Report describes the Wiz platform "as one of the market’s most powerful cloud infrastructure security platforms."

By Lakshya Mathur & Yashvi Shah Phishing attackers aim to deceive individuals into revealing sensitive information for financial gain, credential... The post PDF Phishing: Beyond the Bait appeared...

See what’s new with Wiz at Re:Invent 2023 and learn about how Wiz and AWS continue to strengthen their strategic partnership, keeping AWS customers’ environments secure.

Wiz is committed to building a solution that security and development teams want. With the acquisition of Raftt, we’re gaining velocity on that journey.

I recently heard about a wave of scams exploiting Booking.com users. So I went and researched it for myself. I came across a post on the r/travel subreddit about such an incident. [1]The user...

Introduction Tas (@tas_kmanager), in collaboration with Curated Intelligence, shared his research on the newly observed method of phishing utilizing chat functionality in multiple web/mobile...

AWS has named Wiz a Marketplace Partner of the Year, recognizing our practice of helping customers drive innovation while keeping security top of mind.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: FACSChorus Vulnerabilities: Missing Protection Mechanism for...

Arguably one of the largest hacking conferences in South Africa, BSides Cape Town 2023 is around the corner and the SensePost Team is there with a jam packed agenda demonstrating our latest...

Fortiguard Labs detected numerous threat actors exploiting CVE-2023-46604 to disseminate diverse strains of malware. Their analysis unveiled the emergence of a newly discovered Golang-based botnet...

NetSupport malware variants have been a persistent threat, demonstrating adaptability and evolving infection techniques. In this technical analysis, we delve... The post Beneath the Surface: How...

Wiz’s new Chrome browser extension brings cloud security to your fingertips and streamlines access to Wiz from your cloud console.

New capabilities extend Wiz CNAPP to secure the entire software pipeline, enabling organizations to securely develop for the cloud.