The integration of Artificial Intelligence (AI) and blockchain technology is revolutionizing digital experiences, especially for developers aiming to enhance user interaction and improve security. By combining these cutting-edge technologies, digital platforms are becoming more personalized while ensuring that user…
Category: EN
Passkeys: The Future of Secure and Seamless Online Authentication
Passwords have been a cornerstone of digital security for decades, but managing them has grown increasingly complex. Even with the help of password managers, users face the challenge of creating and remembering countless unique, complex passwords. The days of…
Sophisticated Credit Card Skimmer Malware Targets WordPress Checkout Pages
Recent cybersecurity reports have highlighted a new, highly sophisticated credit card skimmer malware targeting WordPress checkout pages. This stealthy malware embeds malicious JavaScript into database records, leveraging database injection techniques to effectively steal sensitive payment information. Its advanced design…
Play Ransomware: A Rising Global Cybersecurity Threat
Play ransomware, also known as Balloonfly or PlayCrypt, has become a significant cybersecurity threat since its emergence in June 2022. Responsible for over 300 global attacks, this ransomware employs a double extortion model — stealing sensitive data before encrypting…
Meta Removes Independent Fact Checkers, Replaces With “Community Notes”
Meta to remove fact-checkers Meta is dumping independent fact-checkers on Instagram and Facebook, similar to what X (earlier Twitter) did, replacing them with “community notes” where users’ comments decide the accuracy of a post. On Tuesday, Mark Zuckerberg in a…
DEF CON 32 – Open Source Hacker V. Government Lawyer
Authors/Presenters: Rebecca Lively, Eddie Zaneski Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.…
Gravy Analytics Data Breach Exposes Sensitive Location Data of U.S. Consumers
Gravy Analytics, the parent company of data broker Venntel, is facing mounting scrutiny after hackers reportedly infiltrated its systems, accessing an alarming 17 terabytes of sensitive consumer data. This breach includes detailed cellphone behavior and location data of U.S.…
Silent Crow Claims Hack of Russia’s Rosreestr, Leaks Citizens’ Personal Data
The hacking group Silent Crow has claimed responsibility for breaching Russia’s Federal Service for State Registration, Cadastre, and Cartography (Rosreestr), releasing what it describes as a fragment of the agency’s database. The leak reportedly includes sensitive personal information of…
From Alcatraz to Zero Trust: A Journey to RSA 2025 in San Francisco
During the winter months, the fog hangs heavy over San Francisco, mirroring the shroud of uncertainty that often accompanies discussions around cybersecurity. As I prepare to attend RSA 2025, the city’s iconic backdrop, Alcatraz, casts a long shadow, offering an…
Predictions for 2025’s biggest attacks from a pentester perspective
What’s Old is New: Network and Web Application Vulnerabilities The first newsworthy AI breach of 2024 didn’t come from a mind bending prompt injection, it came from classic exploit tactics. As we see organizations everywhere testing LLM and AI products…
Phishing in 2024: Navigating the Persistent Threat and AI’s Double-Edged Sword
In 2024, phishing remains one of the most prevalent and dangerous cybersecurity threats. Despite advancements in technology and increased awareness, cybercriminals continue to exploit human vulnerabilities, adapting their tactics to… The post Phishing in 2024: Navigating the Persistent Threat and…
What is PCI DSS 4.0: Is This Still Applicable For 2024?
In a time when cyber threats continuously evolve, a security standard or framework is essential for protecting digital assets. The Payment Card Industry Data Security Standard (PCI DSS), developed by the PCI Security Standards Council, empowers organisations to safeguard cardholder…
PCI DSS Requirements With v4.0.1 Updates For 2024
PCI DSS refers to the Payment Card Industry Data Security Standard created by the PCI Security Standards Council (PCI SSC), an independent entity founded by major payment card brands, including Visa, JCB International, MasterCard, American Express, and Discover. PCI DSS…
Elevating Security: The Crucial Role of Effective API Management in Today’s Digital Landscape
In today’s digital landscape, the increasing reliance on Application Programming Interfaces (APIs) brings significant security challenges that organizations must address. The Salt Labs State of API Security Report, 2024, reveals that… The post Elevating Security: The Crucial Role of Effective API…
Multi-OLE, (Sun, Jan 12th)
VBA macros and embedded files/objects are stored as OLE files inside OOXML files. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Multi-OLE, (Sun, Jan 12th)
How a researcher earned $100,000 hacking a Facebook server
Facebook paid $100,000 to a researcher for discovering a bug that granted him command access to an internal server in October 2024. TechCrunch first reported that Facebook awarded security researcher Ben Sadeghipour (@NahamSec) $100,000 for reporting a vulnerability that granted him access…
Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which…
Wireshark 4.4.3 Released, (Sat, Jan 11th)
Wireshark release 4.4.3 fixes 0 vulnerabilities and 8 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.4.3 Released, (Sat, Jan 11th)
SuperDraft – 300,187 breached accounts
In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, transactions, latitudes and longitudes, dates of birth and bcrypt password hashes. This…
Advancements in Machine Identity Protections
The Strategic Importance of Non-Human Identities Are we taking the necessary steps to secure our machine identities, or are we leaving our systems exposed to potential attackers? Non-Human Identities (NHIs) play a critical role in maintaining secure cloud environments. In…