Email hijacking via OAuth
How attackers gain access to corporate services without stealing passwords or cookies: we’re analyzing the Shadow Token via Remote Debug technique used in ToddyCat APT attacks.
775 articles
How attackers gain access to corporate services without stealing passwords or cookies: we’re analyzing the Shadow Token via Remote Debug technique used in ToddyCat APT attacks.
Microsoft has addressed approximately 600 vulnerabilities in its products, affecting its entire product line — including even Minecraft Server and Age of Empires II. How can organizations handle such a volume?
Before launching a phishing attack, attackers initiate correspondence with the victim.
An inside look at the inner workings and hidden pitfalls of platforms offering dirt-cheap access to top-tier AI models.
These attacks didn’t start with sophisticated exploits. Instead, they relied on stolen passwords, too-lenient access rights, and a failure to apply long-released vulnerability patches.
A GReAT study has identified ~250,000 potential security issues in publicly accessible GitHub Actions.
We break down the core challenges and potential solutions for building a fully autonomous security operations center.
Austrian researchers have uncovered a bizarre new way hackers could steal sensitive data.
How to detect and block unauthorized AI tools in an organization.
Approaches to solving cybersecurity challenges in autonomous transportation systems.
High-level strategies for locking down popular AI tools that are either unneeded or outright banned under corporate policy.
How we use Kaspersky Container Security at Kaspersky, and why it’s much more than just an image scanner to us.
Attempts at hijacking AI resources are now taking place on an industrial scale. How is AI infrastructure being targeted, and what defensive measures should you implement?
We regularly create new SIEM rules, but behind the scenes lies a more fundamental process —the evolution of the correlation rules themselves.
A targeted supply chain attack via popular software for mounting disk images.
How and why droids from a galaxy far, far away switch their allegiances.
Building a functional app without programming skills is now a possibility, but maintaining it and ensuring cybersecurity remains a challenge. Here are several protective measures that even non-technical creators can implement.
Researchers have established that fiber-optic cables can be exploited for eavesdropping. We’re breaking down how feasible such an attack is in a real-world scenario.
We’re breaking down why developers have moved into the crosshairs, the specific tactics attackers are using, and how to reduce the risks of company infrastructure being compromised.
GDDRHammer, GeForge, and GPUBreach: three new research papers diving into attacks that exploit the Rowhammer technique.