A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor
Written by: Marco Galli Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series brings you the latest...
Aggregating 7636 articles from trusted cybersecurity sources
Written by: Marco Galli Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series brings you the latest...
Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining.
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the fu...
Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover.
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S.
Written by: Stuart Carrera, Brian Meyer Executive Summary Broadcom's VMware vSphere product continues to be a top choice for private cloud virtualization, un...
Introduction In mid 2025, Google Threat Intelligence Group (GTIG) identified a sophisticated and aggressive cyber campaign targeting multiple industries, inc...
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open sou...
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ...
Written by: Josh Goddard, Zander Work, Dimiter Andonov UPDATE (Sep 16): Clarified hunting guidance specifics surrounding ld.so.
Manual testing doesn't have to be repetitive.
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google’s Advanced P...
In this Help Net Security video, Chris Boehm, Field CTO, Zero Networks, breaks down how a vendor breach can become your breach. He explains that attackers no...
The "Breach at the Beach" CTF, created by Varonis researchers Doron Kapah and Mark Vaitsman, simulates attacks within Entra ID, focusing on how threat actors...
The compromised data includes customer salutations, first and last names, phone numbers, email addresses, dates of birth, and customer numbers.
The breach was discovered after mass emails were sent from legitimate AFA domains, claiming Argentina "stole" the win from Egypt.
Lidl disclosed a third-party data breach affecting online shop customers in Germany, Belgium, and the Netherlands. Payment data was not exposed.
Following the breach of several of her Telegram channels, controversial Russian journalist Ksenia Sobchak claimed published screenshots of her correspondence...
German discount supermarket chain Lidl has notified customers in Germany, Belgium, and the Netherlands that customer data was stolen after attackers breached...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA cr...
Here are five steps defenders can take in the wake of the Canvas breach.
German discount supermarket chain Lidl notified customers in Germany, Belgium, and the Netherlands that attackers stole their personal information in a breac...
Learn how attackers abuse Entra ID through a free hands-on Capture the Flag. Varonis created the Breach at the Beach CTF to teach defenders how to investigat...
For the latest discoveries in cyber research for the week of 13th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES U.