Why Service Providers Must Become Secure AI Factories
Discover AI factories – the next evolution in data centers powering AI models. Understand their role, challenges and deployment best practices for 2026.
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1598 — Phishing for Information (Reconnaissance)
Clear filter136 articles found
Cisco UCS Manager Software Privilege Escalation Vulnerability
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to mod...
mquire: Linux memory forensics without external dependencies
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols ...
Smashing Security podcast #455: Face off: Meta’s Glasses and America’s internet kill switch
Could America turn off Europe's internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech soverei...
AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks
Key Points Introduction AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As ...
The game is over: when “free” comes at too high a price. What we know about RenEngine
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in...
Building cryptographic agility into Sigstore
Software signatures carry an invisible expiration date. The container image or firmware you sign today might be deployed for 20 years, but the cryptographic ...
Researchers Uncover 454,000+ Malicious Open Source Packages
Sonatype warns that open source threats became industrialized with a surge in malicious packages in 2025
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...
Is it time for internet services to adopt identity verification?
Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.
Can chatbots craft correct code?
I recently attended the AI Engineer Code Summit in New York, an invite-only gathering of AI leaders and engineers. One theme emerged repeatedly in conversati...
Catching malicious package releases using a transparency log
We’re getting Sigstore’s rekor-monitor ready for production use, making it easier for developers to detect tampering and unauthorized uses of their identitie...
Building checksec without boundaries with Checksec Anywhere
Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing,...
Balancer hack analysis and guidance for the DeFi ecosystem
.content img { border: 1px solid black; } TL;DR The root cause of the hack was a rounding direction issue that had been present in the code for many years.
Don’t let “back to school” become “back to (cyber)bullying”
Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back
Android’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the fu...