Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
96 articles found
Could America turn off Europe's internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech soverei...
Key Points Introduction AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As ...
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in...
Software signatures carry an invisible expiration date. The container image or firmware you sign today might be deployed for 20 years, but the cryptographic ...
Sonatype warns that open source threats became industrialized with a surge in malicious packages in 2025
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...
Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.
I recently attended the AI Engineer Code Summit in New York, an invite-only gathering of AI leaders and engineers. One theme emerged repeatedly in conversati...
We’re getting Sigstore’s rekor-monitor ready for production use, making it easier for developers to detect tampering and unauthorized uses of their identitie...
Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing,...
.content img { border: 1px solid black; } TL;DR The root cause of the hack was a rounding direction issue that had been present in the code for many years.
Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the fu...
Unicode codepoint truncation - also called a Unicode overflow attack - happens when a server tries to store a Unicode character in a single byte.
Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL .
Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads.