NextGEN Gallery – SQL Injection
NextGEN Gallery - SQL Injection NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST...
Steganography Secrets: Malware Hidden in Plain Sight
By: Jacob Malimban, Intelligence TeamThreat actors are abusing image file hosting websites and file sharing services to deliver malware while evading enterprise security controls....
Stanford’s AI Index Report 2026 meets the security reality in financial services
AI is becoming core to financial services. But as adoption scales, so does risk. Without secure, real-time data, strong governance, and cyber resilience, AI...
Microsoft Exchange ProxyShell Scanning Doubles in April 2026 as Two Distinct Campaign Clusters Emerge
Sensor Intel Series: April 2026 CVE Trends - Read more
macOS Malware Installs Fake Google Software Update LaunchAgent for Persistence
macOS users are facing a new and sophisticated threat as a variant of the SHub infostealer malware, dubbed “Reaper,” has been observed deploying a...
CIRT insights: How to help prevent unauthorized account removals from AWS Organizations
The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team...
Contractor’s public GitHub account exposed GovCloud and CISA credentials
Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity...
Microsoft Confirms Windows Update Bug Blocking Security Fixes
Microsoft confirmed that KB5089549 can fail with error 0x800f0922 on Windows 11 devices with low EFI partition space, and shared workarounds are available.
The post...
Governing infrastructure as code using pattern-based policy as code
Organizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an...
Latest article
Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser
A deceptive Python package quietly made its way into the PyPI repository, putting thousands of developers at risk before it was caught and removed....
Microsoft identifies seven new ways AI agents can be hacked
Microsoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in...
Building secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified...
Modern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security...
3 Principles to Safely Scale Agentic AI
- Read more
