CISA Adds Critical Aquasecurity Trivy Scanner Vulnerability to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited ...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1598 — Phishing for Information (Reconnaissance)
Clear filter139 articles found
Fake Cloudflare CAPTCHA Pages Deliver Infiniti Stealer Malware on macOS
A newly discovered macOS infostealer dubbed Infiniti Stealer is being actively distributed through deceptive Cloudflare-style CAPTCHA pages, marking a notabl...
TeamPCP Supply Chain Campaign: Update 001 ? Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)
This is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon†(v3.0, March 25, ...
Microsoft credential phishing weaponizes Bubble AI app builder
Microsoft credential phishing weaponizes Bubble AI app builder AI-powered no-code app-building platform Bubble has been exploited to create illicit web apps ...
AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns
PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients
Google races to secure encryption before quantum threats arrive
Google is preparing for the quantum era, a turning point in digital security, with a 2029 timeline for post-quantum cryptography (PQC) migration. Security pr...
Preventing Account Takeovers: A Practical Guide to Detection and Response
Yesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driv...
A nearly undetectable LLM attack needs only a handful of poisoned samples
Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations...
ColorTokens' Rajesh Khazanchi on breach readiness for measurable risk reduction in the age of AI
Rajesh Khazanchi explores why breach readiness has become mission-critical for business continuity.
Novee's Ido Geffen on why AI pentesting is becoming essential
Novee's Ido Geffen explains what “AI penetration testing” means.
Cisco IOS XE Software Denial of Service Vulnerability
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected ...
Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their priv...
Paid AI Accounts Are Now a Hot Underground Commodity
AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and ...
Vorlon adds forensics and response to secure AI agents
Vorlon has unveiled AI Agent Flight Recorder and AI Agent Action Center, adding forensics and coordinated response to secure enterprise agentic ecosystems an...
GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise
A critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnera...
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterpri...
Hackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account Access
A critical vulnerability dubbed “PolyShell” is actively being exploited across Magento and Adobe Commerce platforms. Discovered by the Sansec Forensics Team ...
ClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top Skill
Silverfort researchers recently uncovered a critical security flaw in ClawHub, the main public registry for the OpenClaw agent ecosystem. This vulnerability ...
Understanding Wiz’s Approach to Securing the AI Supply Chain
As organizations race to deploy AI, securing the rapidly expanding ecosystem of models, data, and dependencies has become a critical priority, much of which ...
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-nativ...