Click any tag below to further narrow down your results
Links
This article explains the design and functionality of the new Sanitizer API being integrated into browsers for HTML sanitization. It highlights how the API aims to prevent XSS vulnerabilities by eliminating the need for ambiguous parsing and ensuring context sensitivity during input processing.
Chinese phishing groups are now sending scam SMS messages about unclaimed tax refunds and rewards points, aiming to steal payment card data. They create fake e-commerce sites that look legitimate, making it difficult for consumers to spot the fraud until it's too late. Experts warn that this increase in scams often coincides with the holiday shopping rush.
AirFrance-KLM transformed its automation platform using Terraform, Vault, and Ansible to enhance security, compliance, and efficiency. The shift from compliance-by-construction to compliance-by-guardrails streamlined their processes, reducing provisioning time and errors while maintaining governance.
SharePointDumper is a PowerShell utility that extracts and audits SharePoint sites using Microsoft Graph. It requires an OAuth2 access token and provides detailed reports of accessed sites and downloaded files, making it useful for security assessments.
Over 10,000 Docker images on Docker Hub are leaking sensitive credentials, including API keys and cloud access tokens, according to security firm Flare. Many of these leaks originate from unmonitored developer accounts, putting critical infrastructure at risk. Even when developers remove secrets, the underlying credentials often remain active, leaving systems vulnerable.
Anthropic has partnered with the Python Software Foundation, providing $1.5 million to improve security in the Python ecosystem. This funding aims to protect users from supply-chain attacks and may benefit other open-source projects as well.
This article introduces Opti, an AI-driven identity and access management (IAM) tool designed to enhance security and streamline processes. It emphasizes how Opti analyzes access behavior and automates risk remediation, aiming to reduce manual oversight and improve compliance.
This GitHub repository offers a comprehensive checklist for securing your digital life. It includes a website for easy navigation, a raw data file for modifications, and an API for accessing checklist data. Users can clone the repo, run it locally, or deploy it on various platforms.
Apex Legends players faced disruptions as hackers took control of their characters during matches, changing nicknames and causing disconnections. Respawn confirmed the incident but clarified it wasn't due to an exploit or malware. They hinted at a connection to cheats and resolved the issue within hours.
CISA has mandated that U.S. government agencies patch a serious remote code execution vulnerability in Gogs, identified as CVE-2025-8110. This flaw, stemming from a path traversal issue, allows attackers to overwrite files outside the repository and execute arbitrary commands. Over 1,400 Gogs servers remain exposed, with a second wave of attacks observed recently.
The Bank for International Settlements and several central banks tested post-quantum cryptography to enhance payment system security against quantum computing threats. Their experiment successfully switched traditional digital signatures to post-quantum methods, highlighting the need for further testing due to performance differences.
This article discusses how machine learning techniques can improve acoustic eavesdropping attacks using gyroscopes and accelerometers in smartphones. It highlights recent research that bypasses the need for microphone access by utilizing these sensors to extract speech data. The series will explore the success of previous projects and attempt to reproduce and enhance their results.
OpenClaw has added VirusTotal's malware scanning to its ClawHub marketplace after finding 341 malicious skills in its platform. This integration scans all published skills for known malware, but experts warn it won't catch all threats, particularly those using prompt injection techniques.
Greptile automates code review in GitHub and GitLab, providing context-aware comments on pull requests. Teams can customize coding standards and track rule effectiveness to improve code quality and speed up merges. It supports multiple programming languages and offers self-hosting options.
There's a security flaw in the Amazon WorkSpaces client for Linux that affects versions 2023.0 to 2024.8. This flaw can allow local users to access another user's authentication token, potentially giving them access to their WorkSpace. To fix this, users should upgrade to version 2025.0 or later.
This article discusses a security vulnerability in the Netty library related to SMTP command injection, allowing attackers to manipulate email sending. The flaw bypasses established email security protocols like SPF, DKIM, and DMARC. The author highlights the role of AI in discovering the vulnerability and generating a patch.
This article explores methods to bypass device enrollment restrictions in Microsoft Intune, particularly focusing on how attackers can register fake devices to access corporate resources. It details the enrollment process, the types of restrictions, and specific techniques to circumvent them.
The libxml2 library recently lost its sole maintainer, Nick Wellnhofer, raising concerns about its future, especially in light of potential security vulnerabilities. Despite the voluntary nature of the work, the heavy demands and lack of support led to Wellnhofer's burnout. Thankfully, two new developers have stepped in, but the situation underscores ongoing challenges in maintaining open-source projects.
A new attack called TEE.fail compromises the security of Trusted Execution Environments (TEEs) from Nvidia, AMD, and Intel. It utilizes a simple hardware method that, once executed, renders these TEEs untrustworthy, even if the operating system kernel is compromised. This raises significant concerns about the security claims made by chipmakers regarding their TEEs.
The article outlines recent updates in Azure Networking, focusing on enhancements in security, reliability, and scalability for AI and cloud applications. Key features include improved NAT Gateway architecture, advanced traffic management tools, and high-capacity connectivity options for organizations. It emphasizes Azure's role in supporting the next generation of cloud solutions.
This article details how attackers can misuse AWS CLI aliases to stealthily maintain persistence in cloud environments. It explains the mechanics of creating malicious aliases that preserve normal command functionality while executing harmful actions, such as credential exfiltration. A proof of concept demonstrates the technique in action.
This article discusses how Teleport offers a vault-free solution for managing privileged access across human, machine, and AI identities. It highlights the benefits of just-in-time access and unified identity control, which enhance security and simplify operations compared to traditional PAM systems.
The article discusses imper.ai, a startup that raised $28M to combat AI impersonation scams. Their technology detects and stops social engineering attacks in real time across various communication channels, analyzing signals like device fingerprints to identify threats. This aims to protect organizations from impersonation attempts and fraudulent requests.
Cisco has patched a serious remote code execution vulnerability (CVE-2026-20045) in its Unified Communications and Webex Calling products, which has been actively exploited in attacks. The flaw allows attackers to gain elevated access on affected systems through crafted HTTP requests. Users are urged to update their software as there are no effective workarounds.
The article discusses a recent hacking incident involving an X account. The account's owners noticed suspicious activity after receiving a strange link that seemed to employ social engineering tactics, leading them to suspect a compromise attempt.
cURL's maintainer, Daniel Stenberg, has shut down the project's bug bounty program due to an overwhelming number of low-quality, AI-generated submissions. He hopes this will encourage more meaningful bug reports while maintaining public accountability for poor submissions.
Infisical is an open-source tool for managing secrets and application configurations. It allows teams to sync secrets across various platforms, maintain version control, and prevent leaks. The platform also supports features like secret rotation, dynamic secrets, and integration with Kubernetes.
Sweet Security offers a comprehensive solution for cloud defense, leveraging AI to identify and prioritize vulnerabilities. It provides real-time visibility and rapid response to threats, helping organizations secure their environments without frequent scans. The platform also simplifies compliance and governance processes.
This article examines the average lifespan of kernel bugs, revealing they typically go undetected for over two years, with some lasting nearly 21 years. It highlights a tool that identifies historical bugs and discusses trends in bug discovery, particularly improvements in recent years.
Zimperium zLabs discovered over 760 Android apps misusing NFC and HCE to steal payment data, with a notable increase in attacks since April 2024. These malicious apps impersonate trusted institutions and operate through a command-and-control system, making detection difficult. Financial institutions and users need to be wary of unfamiliar apps requesting NFC access.
The article discusses the potential risks of AI skills that operate with system access, highlighting how they can execute harmful commands before any review. It emphasizes the importance of treating these skills as executable code, especially in environments where trust relationships exist, making lateral movement and persistence possible. Non-technical users need to be cautious when granting permissions to ensure security.
This article discusses the security vulnerabilities associated with GitHub Actions, highlighting issues like secrets management failures, insufficient permission management, and dependency pinning failures. It emphasizes the importance of understanding these risks to protect CI/CD workflows from potential attacks.
This article details the author's development of a Sysmon configuration designed to track Remote Monitoring and Management (RMM) tools using the LOLRMM framework. It outlines the process of testing various installers, sandboxing them, and refining filters to improve detection capabilities. The configuration is a work in progress, with sections already completed and others pending review.
This article discusses the security risks associated with trust-based models in popular IDEs like VS Code and Cursor, highlighting vulnerabilities that can be exploited by malicious extensions. It introduces IDE-SHEPHERD, an open-source extension that monitors and blocks harmful operations in real-time, offering a more granular trust model and enhanced protections for developers.
Cybersecurity experts found a new Android spyware, RadzaRat, disguised as a file manager app. It grants hackers full control over devices, including keylogging capabilities, and is undetectable by antivirus programs. The malware is easily accessible online and can be deployed by anyone with basic skills.
A typosquatted npm package named “@acitons/artifact” impersonated the legitimate “@actions/artifact” to exploit GitHub's CI/CD workflows. It stole tokens from build environments and published malicious artifacts, highlighting vulnerabilities in supply chain security.
This article analyzes the vulnerabilities of the Model Context Protocol (MCP) used in coding copilot applications. It identifies critical attack vectors such as resource theft, conversation hijacking, and covert tool invocation, highlighting the need for stronger security measures. Three proof-of-concept examples illustrate these risks in action.
Cloudflare experienced significant network failures in November and December 2025, prompting them to launch a "Code Orange: Fail Small" initiative. This plan focuses on improving the resilience of their network by implementing controlled rollouts for configuration changes, enhancing failure handling, and streamlining emergency response processes.
HashiCorp's Consul 1.22 introduces significant improvements in security, telemetry, and user experience. Key features include an AI-driven MCP server for easier management and enhanced OIDC authentication with private key JWT. The update also streamlines backup processes on Azure using managed identities.
This article analyzes a malicious Visual Studio Code extension that implements ransomware-like behavior. It highlights how the extension encrypts files, uploads sensitive data, and communicates with a command and control server via a private GitHub repository. The piece questions how such obvious malware passed the marketplace review.
This tool generates Windows PE executables that trigger YARA rule matches, helping users validate their malware detection signatures. It automates the creation of test files based on specific patterns, ensuring effective scanning and rule accuracy. Safe to use, the executables exit immediately without executing harmful code.
This article discusses how Material provides a comprehensive security solution for Google Workspace, protecting Gmail, Drive, and user accounts from various attacks. It highlights features like automatic threat detection, remediation, and continuous security monitoring tailored to Google’s environment.
Xint Code is a new tool that automates the analysis of source code and binaries to find critical security vulnerabilities without human intervention. It recently identified major RCE bugs in popular databases, outperforming human teams at the ZeroDay Cloud competition. The tool aims to enhance security in open-source projects through responsible deployment.
Google introduced Agent Sandbox, a new feature for Kubernetes that enhances security and performance for AI agents. It allows rapid provisioning of isolated environments for executing agent tasks, optimizing resource use while maintaining strong operational guardrails. GKE users can also leverage Pod Snapshots for faster start-up times.
SquareX's research reveals a concealed MCP API in the Comet browser that allows extensions to execute commands and access user devices without permission. This breach of security principles raises concerns about potential exploitation and the lack of transparency surrounding embedded extensions.
This article outlines a security awareness training program that includes interactive deepfake simulations and custom AI-generated content. It emphasizes engaging, bite-sized lessons and updates to keep employees informed about current threats like phishing.
This article introduces Prime, a tool that enhances security by identifying design flaws in software projects before coding starts. It integrates with popular engineering tools to streamline security processes, allowing teams to focus on more critical tasks. Prime ensures customer data security and operates within a dedicated environment.
Flickr informed users of a data breach linked to a third-party email service that may have exposed personal information, including names, email addresses, and user activity. The company has shut down the affected system and is reviewing its security practices while advising users to check their account settings. No passwords or financial data were compromised.
Gixy-Next is an open-source tool that scans NGINX configuration files for security misconfigurations and performance issues. It improves on the original Gixy by adding support for modern systems and enhancing detection capabilities. Users can run it locally or in a browser.
The article discusses CVE-2025-66516, a severe vulnerability in Apache Tika that can lead to XML External Entity (XXE) attacks. This flaw affects several Tika components and allows attackers to inject malicious files, posing serious risks to systems if not patched immediately. Users are urged to update all affected modules to mitigate the threat.
A flaw in Microsoft Teams allows users to join unprotected external tenants when accepting guest invitations, bypassing Defender for Office 365 protections. This gap exposes users to potential phishing and malware risks, as attackers can exploit cross-tenant security weaknesses. Organizations are urged to tighten their guest access policies to mitigate these risks.
ZeroPulse is a Command & Control (C2) platform focused on secure remote management using Cloudflare Tunnel technology. It's currently in active development and offers features like remote command execution, session management, and a modern user interface. Ideal for testing, production use should wait for a stable release.
Visa is launching a Trusted Agent Protocol to protect merchants from fraudulent bots during transactions with AI agents. This protocol uses cryptographic signatures to verify trusted agents and secure transactions, allowing AI to make purchases on behalf of consumers. It aims to enhance confidence in the agentic commerce ecosystem.
The article discusses the rising threat of digital fraud, driven by AI and sophisticated tactics like deepfakes. It emphasizes the need for businesses to adopt multi-layered verification strategies, leveraging technologies such as biometric authentication and machine learning to stay ahead of fraudsters.
Happyverse has obtained SOC 2 Type I and ISO 27001 certifications, ensuring its security standards meet enterprise requirements. The platform allows users to create lifelike video avatars for real-time conversations, enhancing user engagement and employee onboarding.
OpenSSL has released updates to address 12 vulnerabilities, including a critical remote code execution flaw. Discovered by Aisle, the issues mainly involve memory safety and parsing errors that could lead to denial of service or exploitation. The most severe flaws affect versions 3.0 to 3.6, particularly in CMS and PKCS#12 handling.
A serious vulnerability in the GNU InetUtils telnet daemon allows attackers to gain root access with a simple command, going unnoticed for nearly 11 years. Security experts urge users to update or replace telnetd, as exploitation attempts are already underway. National cybersecurity agencies recommend decommissioning telnet services due to their inherent risks.
A report from Zscaler reveals that over 239 malicious Android apps were downloaded 42 million times from Google Play between June 2024 and May 2025. The rise in malware includes banking trojans and spyware, with a notable shift towards social engineering tactics. India, the U.S., and Canada are the top targets, while adware has become the most detected threat.
Kubernetes 1.35 introduces five key features that improve Day 2 operations, including in-place pod resource updates and fine-grained supplemental group control. These enhancements streamline resource management, security, and network efficiency for containerized applications.
The article reveals how Claude Cowork is vulnerable to file exfiltration attacks due to unresolved flaws in its code execution environment. Attackers can exploit prompt injection to upload sensitive user files to their accounts without any human approval. The risks are heightened by the tool's integration with various data sources, making it essential for users to remain cautious.
A vulnerability in K7 Ultimate Security allows low-privileged users to gain SYSTEM-level access by manipulating registry settings through named pipes. Despite attempts to patch the issue, attackers can exploit this flaw to disable protections or execute arbitrary code. Users are advised to update to the latest version.
The UK Foreign Office has confirmed a cyberattack, first reported in October, but details remain unclear. Officials state that while there is speculation about Chinese involvement and potential data theft, they assert that no individuals are at risk from the breach.
This article explores how certain developer behaviors lead to insecure software. It examines these behaviors through the lens of behavioral economics and proposes strategies to encourage better coding practices.
This article outlines how developers in Japan can use alternative browser engines in iOS apps. It details the requirements for both dedicated browser apps and in-app browsing, including security and privacy commitments developers must meet to gain authorization.
Check Point Research identified critical vulnerabilities in Microsoft Teams that allow attackers to manipulate messages, spoof notifications, and impersonate users. Four specific types of attacks were detailed, highlighting the potential for business email compromise and identity fraud. Microsoft has issued fixes for these issues, but concerns remain about security.
On Black Friday, Visa reported blocking 280% more suspected fraudulent transactions in the UK compared to previous years. This reflects a stronger defense against fraud targeting shoppers during the holiday sales.
This article explains how attackers exploit identity relationships to breach systems. It introduces Identity Attack Path Management (APM) as a strategy to visualize and prioritize risks based on attacker behavior, helping organizations focus on the most critical vulnerabilities. It also outlines key components and tools for effective APM.
Researchers revealed a serious security flaw in Docker's Ask Gordon AI that allowed attackers to execute code and steal sensitive data. The vulnerability, called DockerDash, exploited unverified metadata in Docker images, which the AI treated as executable commands. Docker has fixed the issue in version 4.50.0.
The article explores the concept of AI-native Static Application Security Testing (SAST) and its potential to enhance traditional security tools. It discusses the limitations of current AI models in bug detection and emphasizes the importance of combining AI with static analysis for better results. The author also outlines a blueprint for integrating AI into security tooling.
Lynis is a security auditing tool for UNIX-based systems like Linux and macOS. It scans for vulnerabilities, configuration issues, and compliance with standards such as ISO27001 and PCI-DSS. System administrators and security professionals use it to enhance system defenses.
The Agentic Threat Hunting Framework (ATHF) organizes and retains threat hunting knowledge using a structured approach. It allows teams to document past investigations, making them accessible for future reference and AI assistance. ATHF supports various hunting methodologies and integrates with existing tools for enhanced efficiency.
Anthropic has committed $1.5 million to the Python Software Foundation to enhance security in the Python ecosystem, focusing on protecting users from supply-chain attacks. The funding will support new tools for package review and strengthen the PSF's ongoing community efforts.
The article details the author's encounter with abusive bots that requested a non-existent JavaScript file, revealing their strategies and behaviors. It discusses various methods for identifying and countering these bots, including IP blocking and potential counter-offensive techniques like zip bombs. The author emphasizes the importance of understanding bot behavior to effectively safeguard web content.
The author reports a security vulnerability in Okta's nextjs-auth0 project and submits a patch, but the contribution is misattributed to another developer. Despite raising concerns, the maintainer acknowledges using AI for the commit, resulting in confusion and unresolved issues around proper credit. The author questions the reliability of AI tools and raises concerns about Okta's response to security vulnerabilities.
This article reviews an analysis of over 200,000 Rust crates to assess their maintenance, developer engagement, and security. It highlights trends like the rise of abandoned crates, inactive dependencies, and security risks, while also noting the resilience and growth of active developers in the ecosystem.
Spain's Ministry of Science has partially shut down its IT systems following a cyberattack claim by a hacker group. The breach reportedly involved sensitive data, and the ministry is currently assessing the situation while suspending administrative procedures.
President Trump has ordered the cancellation of a $2.9 million deal involving Emcore Corp's chip technology due to concerns over U.S. security. The deal was at risk because HieFo Corp. was set to retain control over the technology.
Microsoft announced new features at Ignite 2025, focusing on Azure Copilot, which automates cloud management tasks like migration and optimization. The updates also highlight advancements in Azure's AI infrastructure, enhancing performance and scalability across services.
This article discusses a proof-of-concept for sleep obfuscation on Linux using sigreturn-oriented programming (SROP). It focuses on encrypting PT_LOAD segments and the heap to enhance security. The approach aims to protect processes from certain types of attacks.
This article reviews key Internet trends and patterns observed by Cloudflare in 2025, including the rise of generative AI, traffic growth, and mobile versus desktop usage. It also highlights security measures and the evolving landscape of bots and crawlers.
This article explains how to integrate FortiGate Next-Generation Firewall (NGFW) with AWS Gateway Load Balancer for improved security in hybrid environments. It highlights the benefits of centralized traffic inspection and policy management, simplifying compliance and threat prevention. A free 30-day trial is available for evaluation.
This cheat sheet outlines effective ways to discover, validate, and protect API keys and credentials throughout your software development lifecycle. It includes practical examples, tips on ownership, and guidance on securing vaults without hindering development. It's a useful resource for teams looking to manage secrets more effectively.
This article outlines Blumira's security operations platform, highlighting its key features like AI-powered threat analysis and real-time monitoring. It emphasizes the platform's user-friendliness and quick deployment, aiming to streamline security processes for IT teams.
This article outlines how a financial services organization shifted from annual pentesting to weekly security validations. This change allowed them to rapidly identify and remediate vulnerabilities, improving overall security posture and visibility into real-world risks.
A security researcher has criticized Apple's macOS bug bounty program for significantly lowering payouts for certain vulnerabilities. Despite increasing rewards for high-profile exploits, many macOS categories now offer much smaller financial incentives, which could discourage researchers from reporting flaws.
Xano offers a fast way to create production-ready backends, including APIs and databases, without extensive coding. It features visual editing, AI-assisted logic, and strong security measures, making it suitable for developers who need to scale applications efficiently.
Researchers have discovered that a key obstacle to online fraud can be circumvented for just a few cents. This finding raises concerns about the security of online transactions and the effectiveness of current fraud prevention measures.
SoundCloud confirmed a cyberattack that compromised data from 20% of its users, including email addresses and public profile information. The company quickly contained the breach and is enhancing its security measures to prevent future incidents. Misconfigurations caused temporary issues for some users on VPNs, but SoundCloud is working to resolve them.
This article invites you to schedule a demo of the Huntress platform, which offers managed detection and response tools for endpoints and Microsoft 365. You can explore the dashboard, learn about services, and interact with Huntress experts during the session.
The article critiques Zoom's privacy practices and compares them to more secure alternatives like Jitsi. It highlights the risks of using Zoom, including data collection and lack of transparency, while advocating for better security and privacy in online communications.
This handbook covers the origins of JSON Web Tokens (JWT), the problems they address, and the various algorithms for signing and encrypting them. It also includes best practices and recent updates for effective use of JWTs.
This article explores vulnerabilities in various Object Relational Mappers (ORMs), focusing on how improper filtering can expose sensitive data. It highlights specific cases in Beego and Prisma ORMs and discusses exploitation methods, including time-based attacks. The authors also provide tools for detecting these vulnerabilities.
This article discusses a proposed registry for bots and agents that enables website operators to discover and verify public keys for cryptographic authentication. It outlines the implementation of Web Bot Auth and the signature-agent card format, aimed at fostering a trustworthy ecosystem for web traffic management.
Malcontent is a tool designed to detect supply-chain malware using context analysis and differential methods. It supports various file formats and programming languages, analyzing Linux programs primarily, but also works with macOS and Windows. It features three modes: analyze, diff, and scan, allowing for in-depth examination of program capabilities and risks.
This article explains ThreatLocker’s Defense Against Configurations (DAC) dashboard, which identifies and addresses system misconfigurations that can lead to cyberattacks. DAC provides real-time visibility into configuration issues, offers remediation guidance, and aligns settings with compliance standards.
Norwegian intelligence reported that the Salt Typhoon campaign, linked to Chinese state-sponsored hacking, has compromised network devices in the country. The threat assessment highlights the growing risk from foreign intelligence operations, especially from China, Russia, and Iran, and stresses the need for improved security measures.
The French Soccer Federation suffered a cyberattack that compromised member data, including names and contact information. The breach was traced to a compromised account, which has since been disabled and secured. The federation has filed a complaint regarding the incident.
This article explores how new diagnostic codes and AI-driven solutions are reshaping healthcare operations, from billing to patient care. It also discusses the convergence of cyber and physical security in public and private sectors, emphasizing the need for unified systems to enhance safety and efficiency.
The article discusses the impact of quantum computing on blockchain security, highlighting the risks of "harvest now, decrypt later" attacks. It examines the current state of blockchain protocols, particularly Bitcoin and privacy chains, and emphasizes the need for transitioning to post-quantum cryptographic methods to safeguard against future threats.
This article guides you through creating a secure project management platform using Next.js, Clerk for authentication, and Neon for database management. It emphasizes best security practices at each step, from user authentication to protecting database access. The project features collaborative tools like task management and user invitations.