On March 14, 2025, the popular GitHub action tj-actions/changed-files was compromised, exposing secrets in CI logs. GitGuardian's analysis identified leaked secrets like GitHub tokens, AWS keys, and more.

Security experts

In this post, we introduce Web-based Code Assurance and Transparency, a project that supports verifiable in-browser code for single-page browser applications. Along with this post, we are publishing the WEBCAT project repository; follow-up posts will provide…

MacBook Air laptop with the superfast M4 chip. Built for Apple Intelligence. Lightweight, with all-day battery life. Now in a new Sky Blue color.

It’s us again!

Once again, we hear the collective groans - but we're back and with yet another merciless pwnage of an inspired and clearly comprehensive RCE solution - no, wait, it's another vuln in yet another backup and replication solution..

While we…

We guard your domain, so you have peace of mind. Threat Visibility Platform.

Strengthen Windows endpoint security with the all-in-one powerful Scalefusion UEM. Unlock unmatched security with zero trust architecture.

How OSINT Exploits Password Recovery Flows to Expose Your Digital Identity

Common misconfigurations in on prem VM environments

Web browsers store bookmarks in plain text, making them vulnerable to malware, unauthorized access, profiling, and potential regulatory risks.

Technical details outlining how this Palo Alto vulnerability could be exploited by an Administrator-level user account to disable Cortex XDR.

TraceFind is a powerful OSINT tool that helps you gather intelligence on emails, usernames, and phone numbers. Enhance your investigations with precise and comprehensive data collection.

Scan login pages for exposed secrets, API keys, and embedded URLs. Professional security tool for developers and security teams.

Discover when profile pictures were uploaded across Instagram, Facebook, and WhatsApp. Professional OSINT tool for social media investigation.

## Launch Announcement of Subnoscriptions for Individuals

After a decade of proven success in university settings, we're excited to announce the public laun...

Congressional failure to act and how America can leverage its citizenry on the global cyber battlefield

This critical vulnerability allowed attackers to bypass authentication implemented in the middleware layer. With the popularity of this framework on the internet and within our customers' attack surfaces, our Security Research team took a deeper look at the…

Defensive tools like AVs and EDRs rely on command-line arguments for detecting malicious activity. This post demonstrates how command-line obfuscation, a shell-independent technique that exploits executables’ parsing “flaws”, can bypass such detections. It…

Tuned by world-class offensive security experts, our AI agent, Takumi, uncovers critical vulnerabilities within your codebase that other tools miss, such as business logic bugs and broken authorizations. This allows you to receive actionable alerts with minimal…

We are honored to have first U.S. Secretary of Homeland Security Tom Ridge on our team as Board Advisor. He inspired our CEO, Sai Huda, to found CyberCatch.