The digital war of tomorrow pitches generative AI against digital ID

The recent 3CX data breach highlights that organizations can't afford to overlook the risks presented by software supply chain attacks.

As AI / Machine Learning (ML) systems now support millions of daily users, has our understanding of the relevant security risks kept pace with this wild rate of adoption?

Application security issues found by Assetnote

AhnLab Security Emergency response Center (ASEC) has recently discovered XMRig CoinMiner being installed on poorly managed Linux SSH servers. The attacks have been happening with a distinct pattern since 2022: they involve the usage of malware developed with…

This blog was co-authored by Elia Florio, Sr. Director of Detection & Response at Databricks and Florian Roth and Marius Bartholdy, security researchers with SEC Consult.

Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. - GitHub - Syslifters/sysreptor: Fully customisable, offensiv...

AWS Identity Center is one way of managing access to AWS Accounts. With AWS Identity Center (previously SSO), there exists multiple pathways to privilege escalation. In this blog post, we cover Identity Center, research into the inner workings of cloud…

JSON Web Tokens (JWT) are widely used for authentication in modern applications. As their use increases, so does the importance of…

In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they…

RecordBreaker is a new Infostealer that appeared in 2022 and is known as the new version of Raccoon Stealer. Similar to other Infostealers, such as CryptBot, RedLine, and Vidar, it is a major malware type that usually disguises itself as a software crack…

Lately, I’ve been reverse engineering a reasonably complex network protocol, and I ran into a mystery - while the protocol is generally an unencrypted binary protocol, one of the messages was large and random. In an otherwise unencrypted protocol, why is…

The issue could then allow the malicious actor to generate arbitrary logs which can trigger malicious commands to be run with elevated privileges.

Security scanning orchestration and results enrichment framework -- forked and rewritten from @thought-machine/dracon - GitHub - ocurity/dracon: Security scanning orchestration and results enrichme...

Learn how the new OpenPubkey protocol advances cryptographic signature technology while bolstering OpenID Connect MFA.

By: Arnar Birgisson and Diana K Smetters, Identity Ecosystems and Google Account Security and Safety teams Starting today , you can create a...

How to use a new model to build trust in your software supply chain elements through a comprehensive compliance platform turning building blocks into verifiable evidence.

The threat intelligence team of Cleafy analyzed undercovering drIBAN fraud operations. Read here the first episode of the series of technical analysis.