As a veteran CISO for state and local agencies, Orange County CISO Andrew Alipanah knows how to optimize security functions within impossibly tight budgets. In […]
Only 49% of companies to increase cyber budget after a breach
The long held conventional wisdom that organizations commit to increased cybersecurity investments only after a breach has taken a hit. IBM’s latest annual Cost of […]
African Law Enforcement Agencies Nab Cybercrime Syndicates
African nations work with Interpol and private-sector partners to disrupt cybercriminal operations on the continent, but more work needs to be done. The original article […]
Hackers Abuse Compromised OAuth Tokens to Access and Steal Salesforce Corporate Data
Google Threat Intelligence Group (GTIG) has issued an advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as […]
Critical Chrome Use-After-Free Flaw Enables Arbitrary Code Execution
Google has released an urgent security update for the Chrome Stable channel to address a critical use-after-free vulnerability in the ANGLE graphics library that could allow attackers […]
Citrix NetScaler ADC and Gateway Hit by Ongoing Attacks Exploiting 0-Day RCE
Cloud Software Group has issued an emergency security bulletin warning of active exploitation targeting three critical vulnerabilities in NetScaler ADC and NetScaler Gateway products. The vulnerabilities, tracked […]
LLMs easily exploited using run-on sentences, bad grammar, image scaling
A series of vulnerabilities recently revealed by several research labs indicate that, despite rigorous training, high benchmark scoring, and claims that artificial general intelligence (AGI) […]
Kubernetes Security: Wie Sie Ihre Cluster (besser) absichern
Anatoliy Eremin | shutterstock.com Kubernetes hat sich unter Enterprise-Softwareentwicklern zu einem durchschlagenden Erfolg entwickelt. Das veranlasst kriminelle Hacker zunehmend dazu, entsprechende Installationen mit speziell entwickelten […]
Attackers steal data from Salesforce instances via compromised AI live chat tool
A threat actor managed to obtain Salesforce OAuth tokens from a third-party integration called Salesloft Drift and used the tokens to download large volumes of […]
New ZipLine Campaign Targets Critical Manufacturing Firms with In-Memory MixShell Malware
Check Point Research has uncovered a highly persistent phishing operation dubbed ZipLine, which reverses traditional attack vectors by exploiting victims’ own “Contact Us” web forms […]