Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft disrupted Fox Tempest, a malware-signing service accused of abusing Azure certificates to disguise ransomware and malware as trusted software.
The post Microsoft Disrupts Malware-Signing...
Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows
Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM)...
AWS Security Hub Extended: Why enterprise security products should sell themselves
Our largest security services customers started the same way every customer does – with a click. They enabled Amazon GuardDuty, Amazon Inspector,...
CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository
CISA is investigating after a contractor’s public GitHub repository exposed AWS GovCloud credentials, internal files, and passwords.
The post CISA Contractor Exposed Sensitive Credentials in...
Spanish police ‘systematically’ hid cryptophone intercepts from courts, claims ex chief
Former Spanish police chief, on trial for drug trafficking, claims UK and Colombian police assisted in creating fictitious intelligence reports to hide use of...
Bulgaria fires up Google Cloud for national cyber security
The Bulgarian national systems integrator, BIS, has deployed Google Cloud’s Cybershield government security service as part of a national federated SOC deployment -...
Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes
Modern attack surfaces don’t sit still.Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t...
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability
CVE-2009-1537...
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
Introduction
ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a...
Surecart – SQL Injection
Surecart - SQL Injection SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the...
Latest article
Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser
A deceptive Python package quietly made its way into the PyPI repository, putting thousands of developers at risk before it was caught and removed....
Microsoft identifies seven new ways AI agents can be hacked
Microsoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in...
Building secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified...
Modern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security...
3 Principles to Safely Scale Agentic AI
- Read more
