Bringing Continuous Assessment to Harbor: Scan on Push, Stay Secure Over Time
Key Takeaways DevSecOps harmony exists when development and security teams operate on a shared definition of risk using consistent data, identifiers, and pri...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1598 — Phishing for Information (Reconnaissance)
Clear filter93 articles found
When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures
During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including refund notices, payroll forms, fi...
MCP Servers Are the New Shadow IT for AI
Key Takeaways MCP servers are becoming the default wiring between AI agents and enterprise applications — but most organizations have zero visibility into wh...
Observability for AI Systems: Strengthening visibility for proactive risk detection
As AI systems grow more autonomous, observability becomes essential. Learn how visibility into AI behavior helps detect risk and strengthen secure development.
Claude Code Security and Magecart: Getting the Threat Model Right
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious c...
Delegated Trust Is Becoming the Largest Attack Surface in Modern Security
Over the next decade, the way we define security failures is going to change. No longer will it begin with an unpatched server or a careless employee clickin...
Free parking in Russia after Distributed Denial-of-Service attack knocks city’s parking system offline
Drivers in the Russian city of Perm have been enjoying an unexpected bonus this week: free parking. Not because the city council suddenly decided to embrace ...
Why Security Validation Is Becoming Agentic
If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest eng...
A Latte Trouble: Starbucks HR Accounts Hit in Credential Theft Incident
Starbucks has disclosed a data breach attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing emplo...
The AI Doomsday Clock: When AI Becomes a Business Dependency, Not a Tool
Most conversations about AI in business start with the wrong question of “Can AI do the job?” It is entirely the wrong place to start.
Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Conta...
Protect What Matters Most: Aligning Sensitive Data with Exposure Risk
This blog was written in collaboration with Symmetry Systems' Claude Mandy. Rapid7 and Symmetry Systems are partnering to help organizations reduce breach im...
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defen...
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua Code Injection Vulnerability
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall...
Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East
Key Findings Introduction As highlighted in the Cyber Security Report 2026, cyber operations have increasingly become an additional tool in interstate confli...
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN...
Understanding IAM for Managed AWS MCP Servers
As AI agents become part of your development workflows on Amazon Web Services (AWS), you want them to work with your existing AWS Identity and Access Managem...
Why Service Providers Must Become Secure AI Factories
Discover AI factories – the next evolution in data centers powering AI models. Understand their role, challenges and deployment best practices for 2026.
Cisco UCS Manager Software Privilege Escalation Vulnerability
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to mod...
mquire: Linux memory forensics without external dependencies
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols ...