Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Co...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1598 — Phishing for Information (Reconnaissance)
Clear filter138 articles found
ChatGPT Security Issue Enabled Data Theft via Single Prompt
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns
PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients
Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their priv...
Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Conta...
Why Service Providers Must Become Secure AI Factories
Discover AI factories – the next evolution in data centers powering AI models. Understand their role, challenges and deployment best practices for 2026.
mquire: Linux memory forensics without external dependencies
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols ...
When Security Becomes an Afterthought
As AI deployment races ahead, security scrambles to keep up. Nikesh Arora on why AI's biggest risk is treating security as an afterthought.
Building cryptographic agility into Sigstore
Software signatures carry an invisible expiration date. The container image or firmware you sign today might be deployed for 20 years, but the cryptographic ...
Is it time for internet services to adopt identity verification?
Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...
Can chatbots craft correct code?
I recently attended the AI Engineer Code Summit in New York, an invite-only gathering of AI leaders and engineers. One theme emerged repeatedly in conversati...
Android’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the fu...
From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944
Introduction In mid 2025, Google Threat Intelligence Group (GTIG) identified a sophisticated and aggressive cyber campaign targeting multiple industries, inc...
Bypassing character blocklists with unicode overflows
Unicode codepoint truncation - also called a Unicode overflow attack - happens when a server tries to store a Unicode character in a single byte.
Concealing payloads in URL credentials
Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL .
Gotta cache 'em all: bending the rules of web cache exploitation
Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads.