From the Labs: YARA Rule for Detecting StealC
Tracking StealC's Rise: How YARA Rules Help Uncover a New Breed of Information Stealers
From the Labs: YARA Rule for Detecting StealC
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
.webp&w=3840&q=75)
The Week in Security: Third-party breach exposes customer to LockBit, countries team to block DDoS
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Give your Microsoft Sentinel incidents some style
Here's how to use basic HTML to dress up your security incidents
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.
The Week in Security: Third-party compromise lands pilot data from American, Southwest airlines
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Hackers breached UPS data for SMS phish spree
It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.
5 reasons why cyber attackers love software developers
Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.
The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Passkeys standard: Time to add it to your dev plans?
Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?
MITRE’s System of Trust: A discussion about standardizing software supply chain risk
Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.
How to Investigate Security Incidents with Threat Intelligence in Microsoft Sentinel
From Indicators to Action: Streamlining Incident Response with Integrated Threat Intelligence in Sentinel
OWASP Top 10 for LLM Applications: Can AI risk be tamed?
OWASP is expanding its Top 10 series with a list of large language model vulnerabilities. Here's what AppSec teams need to know.
From the Labs: YARA Rule for Detecting HermeticRansom
The ReversingLabs YARA detection rule for HermeticRansom can help you find this ransomware in your environment.
CISA SBOM-a-rama tackles challenges: 5 key takeaways
CISA hosted SBOM-a-rama on Wednesday to move software bills of material — a list of ingredients for software and services — forward. Here are top takeaways and insights.