How we avoided side-channels in our new post-quantum Go cryptography libraries
The Trail of Bits cryptography team is releasing our open-source pure Go implementations of ML-DSA (FIPS-204) and SLH-DSA (FIPS-205), two NIST-standardized p...
General
20 articles
How password managers can be hacked – and how to stay safe
Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe
Introducing HTTP Anomaly Rank
HTTP Anomaly Rank If you've ever used Burp Intruder or Turbo Intruder, you'll be familiar with the ritual of manually digging through thousands of responses ...
Why shadow AI could be your biggest security blind spot
From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company
Balancer hack analysis and guidance for the DeFi ecosystem
.content img { border: 1px solid black; } TL;DR The root cause of the hack was a rounding direction issue that had been present in the code for many years.
In memoriam: David Harley
Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security
Sharing is scaring: The WhatsApp scam you didn’t see coming
How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data
Ground zero: 5 things to do after discovering a cyberattack
When every minute counts, preparation and precision can mean the difference between disruption and disaster
This month in security with Tony Anscombe – October 2025 edition
From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecur...
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek...
Fraud prevention: How to help older family members avoid scams
Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically
Cybersecurity Awareness Month 2025: When seeing isn't believing
Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams
[webapps] Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
Casdoor 2.95.
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. T...
How MDR can give MSPs the edge in a competitive market
With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs
Cybersecurity Awareness Month 2025: Cyber-risk thrives in the shadows
Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failures
IT service desks: The security blind spot that may put your business at risk
Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap.
Cybersecurity Awareness Month 2025: Why software patching matters more than ever
As the number of software vulnerabilities continues to increase, delaying or skipping security updates could cost your business dearly.
How Uber seems to know where you are – even with restricted location permissions
Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way.
Cybersecurity Awareness Month 2025: Passwords alone are not enough
Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from ...