Zapocalypse Attack Lets Threat Actors Hijack Zapier Accounts
“Zapocalypse” is a newly disclosed attack chain that shows how attackers could have abused Zapier’s “Code by Zapier” feature to move from a single sandboxed ...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1598 — Phishing for Information (Reconnaissance)
Clear filter197 articles found
Building a risk-based vulnerability management program that scales
In this Help Net Security video, Shankar Somasundaram, CEO at Asimily, explains how to build a risk-based vulnerability program. He notes that vulnerabilitie...
IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise
Open source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But op...
[webapps] CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CubeCart < 6.7.
Experts on Experts: Why Compliance is becoming Continuous
This week on Experts on Experts, I’m joined by Sergio Alonso – Rapid7’s Director of Trust, Risk, and Compliance – to talk about how compliance is changing an...
Digimarc adds provenance, audit, and verification controls for AI agent workflows
Digimarc has announced new provenance and verification infrastructure designed to secure autonomous and AI-enabled workflows. As enterprises increasingly ado...
Hackers Host JS Malware on GHOSTYNETWORKS and OMEGATECH
Hackers are abusing two bulletproof hosting providers, GHOSTYNETWORKS and OMEGATECH, to run a global JavaScript (JS) malware infrastructure that powers large...
Laying the groundwork: A practical path to identity security for AI agents
As enterprises move toward AI-driven operations, identity modernization becomes essential.
A new identity class: Why AI agents require runtime control
Because AI agents are neither human nor traditional machines, they must be treated as a third class of identity.
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB...
How attackers engineer BECs against specific organizations
Teams can mitigate BECs by better understanding their company’s attack profile.
ABB LVS MConfig
View CSAF Summary ABB became aware of an internally discovered vulnerability in the MConfig product versions listed as affected in the advisory. An attacker ...
What happens when security teams inherit identity
At the Span Cyber Security Arena conference, I sat down with Eric Woodruff, Chief Identity Architect at Semperis, to talk about how organizations perceive id...
Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise
Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in atta...
Manage machine identities: The hidden privileged access layer you need to manage
Why are machine identities becoming the majority of “things with access”? Every automation, integration, and workload needs a way to authenticate and the rig...
Anthropic adds 28 security and compliance integrations for Claude
AI tools are becoming part of everyday work in organizations, creating new security and oversight requirements as usage grows. To address that, Anthropic int...
The Alert Firehose Finally Meets Its Match
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that incl...
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
A major evolution in the Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also...
Lessons for organizations from the Verizon 2026 Data Breach Investigations Report
This is my favourite time of the year, not just because spring is here and the promise of summer is on the way. But also, because one of my must reads each y...
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a relea...