Global organizations continue to struggle against the rising tide of application-specific and web-application attacks. In fact, 50% of all sites tested by NTT Application Security were...
APT35 (aka Charming Kitten, TA453, or Phosphorus), suspected of being an Iranian nation-state actor, started widespread scanning and attempted to leverage the Log4j flaw in publicly facing...
Vulcan Cyber announced the latest results of its ongoing research into vulnerability risk prioritization and mitigation programs. Its findings highlight the struggle of IT security teams...
Threat actors are actively exploiting a critical security flaw in the Java logging library Apache Log4j. Log4j is an open-source, Java-based logging utility widely used by enterprise...
Bugcrowd released its annual Inside the Mind of a Hacker ’21 report, which provides CIOs and CISOs insight on ethical hackers and the economics of security research. New...
In the opening column of this series, “Emerging Technology, Evolving Threats,” [check out Part I here and Part II here], I wrote about quantum computing —...
Salt Security released new API threat research from Salt Labs detailing Elastic Injection attacks. The research highlights a widespread API vulnerability that results from the misimplementation of...
A Python exploit gives access to more than 10,000 API (Application Programming Interface) keys via Wayback Machine, a project that archives the content of internet sites. While...
Threat actors have started to actively exploit critical Microsoft Azure vulnerabilities, just days after Microsoft disclosed them during September’s Patch Tuesday. The OMIGOD flaw, CVE-2021-3864, was discovered by...
The Wiz Research Team recently found four critical vulnerabilities in OMI, one of Azure’s most ubiquitous yet least known software agents, which is deployed on a large portion...