%term

Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks

Apr 10, 2025 By Bernard Bautista and Kevin Adriano In Trustwave

Ever thought an image file could be part of a cyber threat? The Trustwave SpiderLabs Email Security team has identified a major spike in SVG image-based attacks, where harmless-looking graphics are being used to hide dangerous links. This blog post analyzes the various techniques cybercriminals are using to cleverly weaponize these image files in phishing attacks and what your organization can do to prevent these pixel-perfect tricks.

Read Post

Trustwave

Read more about Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks

Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed

Apr 9, 2025 By Gcore

Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super Transit, a cutting-edge DDoS protection and acceleration feature, designed to safeguard enterprise infrastructure while delivering lightning-fast connectivity.

Read Post

Read more about Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed

Agents Under Attack: Threat Modeling Agentic AI

Apr 9, 2025 By Shaked Reiner In CyberArk

The term “Agentic AI” has recently gained significant attention. Agentic systems are set to fulfill the promise of Generative AI—revolutionizing our lives in unprecedented ways.

Read Post

CyberArk

Read more about Agents Under Attack: Threat Modeling Agentic AI

Data Weaponization: How Cyber Attacks Impact the Vulnerable

Apr 8, 2025 By Rubrik In Rubrik

Welcome to the Data Security Decoded podcast by Rubrik Zero Labs. In this episode, our host Caleb Tolin speaks with Pavlina Pavlova, a researcher and cybersecurity advocate focusing on data weaponization and its disproportionate impact on vulnerable populations. Pavlina defines data weaponization as using data to manipulate, deceive, coerce, or attack someone to inflict harm. Her research investigates why cyber attacks and their impacts often have gendered dimensions, with certain populations experiencing more severe consequences.

View Video

Rubrik

Read more about Data Weaponization: How Cyber Attacks Impact the Vulnerable

AI-powered attacks are getting more sophisticated.

Apr 8, 2025 By Cloudflare In Cloudflare

AI-powered attacks are getting more sophisticated. However, AI-powered defense is evolving even faster. At Cloudflare, AI is already detecting and stopping threats faster than human researchers ever could. How? Machine learning models analyze millions of attack patterns in real-time, identifying anomalies and blocking threats before they spread. AI detects novel attack patterns before they even make headlines AI reduces false positives, helping security teams focus on real risks AI learns from past incidents, adapting faster than traditional security tools.

View Video

Cloudflare

Read more about AI-powered attacks are getting more sophisticated.

Upgraded Phishing-as-a-Service Platform Drives a Wave of Smishing Attacks

Apr 7, 2025 By Stu Sjouwerman In KnowBe4

A phishing-as-a-service (PhaaS) platform dubbed ‘Lucid’ is driving a surge in SMS phishing (smishing) attacks, according to researchers at Prodaft. The platform is operated by Chinese cybercriminals who offer access to the service under a subscription model. A Lucid subscription allows crooks to easily craft sophisticated, targeted phishing campaigns.

Read Post

KnowBe4

Read more about Upgraded Phishing-as-a-Service Platform Drives a Wave of Smishing Attacks

Detecting Fast Flux with Sysdig Secure and VirusTotal

Apr 4, 2025 By Sysdig Threat Research Team In Sysdig

On April 3, 2025, the National Security Agency and other partner agencies released a critical advisory about DNS and Fast Flux. They even called it a national security threat due to the potential dangers involved. In this article, we’ll go over what Fast Flux is and how Sysdig Secure detects this attack technique. We’ll also cover gathering potential Fast Flux domain names from VirusTotal.

Read Post

Sysdig

Read more about Detecting Fast Flux with Sysdig Secure and VirusTotal

Phishing Attacks Are Evolving - Is Your Email Security Keeping Up?

Apr 4, 2025 By Craig Searle In Trustwave

A strong email security posture is as much about culture as it is about technology. In the 2022-23 financial year, 78% of Australian businesses offered annual cybersecurity training to their entire workforce; however, only 39% of these businesses provided specialized training for privileged users who are authorized to perform security-relevant functions that ordinary users are not.

Read Post

Trustwave

Read more about Phishing Attacks Are Evolving - Is Your Email Security Keeping Up?

An Update on QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

Apr 3, 2025 By SafeBreach In SafeBreach

Authors: Or Yair, Security Research Team Lead Last August, I shared a blog on my most recent research project with Shmuel Cohen called QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share, which we initially presented at DEF CON 32 (2024). In it, we explained how we discovered 10 unique vulnerabilities in Google’s Quick Share data transfer utility, some of which we were able to assemble into an innovative remote code execution (RCE) attack chain against the Windows version.

Read Post

SafeBreach

Read more about An Update on QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

API Attacks Up 150% - Here's Why You Should Care Now #APISecurity #APIAttacks #AIVulnerabilities

Apr 3, 2025 By Wallarm In Wallarm

Even worse, 98.9% of AI vulnerabilities are tied to insecure APIs.. APIs are being discovered in under 30 seconds, according to Wallarm’s honeypot research. Weak authentication, broken access controls, and missing rate limits are opening the door. Now’s the time to take API security seriously. Learn how to protect your systems before it’s too late.

View Video