Guides, playbooks, and learning resources to level up your cybersecurity knowledge and keep your organization secure.
Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access.
Licensed malware with built-in persistence and automation enables attackers to continuously siphon credentials, session data, and cryptocurrency assets.
No description available.
AI agent risk isn't equal, it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first.
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities.
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems.
Attackers can exploit the bugs through prompt injection, chaining them together to escape the sandbox and execute arbitrary code.
Iranian APTs are blurring the lines between state-sponsored and cybercriminal activities to target high-impact US organizations.
Unit 42 found excessive P4SA permissions in Vertex AI, enabling credential theft and cloud data exposure, increasing breach risk.
Microsoft has resolved a known issue that rendered the classic Outlook email client unusable for users who enabled the Microsoft Teams Meeting Add-in.
View CSAF
