%term

RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

May 6, 2025 By Charlie Eriksen In Aikido

On 5 May, 16:00 GMT+0, our automated malware analysis pipeline detected a suspicious package released, rand-user-agent@1.0.110. It detected unusual code in the package, and it wasn’t wrong. It detected signs of a supply chain attack against this legitimate package, which has about ~45.000 weekly downloads.

Read Post

Aikido

Read more about RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

What's new in Tines: April 2025 edition

May 6, 2025 By Hannah Roy In Tines

Workbench offers many powerful capabilities, and with it, we believe you should be able to use any of your tools with their custom configurations. So, we decided private templates should be available for Workbench conversations. And the ability to take control of Tines AI features doesn’t stop there: Read more on private templates →

Read Post

Tines

Read more about What's new in Tines: April 2025 edition

Chaining CVE-2024-38475 and CVE-2023-44221 for Full System Compromise

May 6, 2025 By Lauren Farrell In Centripetal

CVE-2024-38475 is a critical vulnerability in the Apache HTTP Server’s mod_rewrite module that permits arbitrary file read operations under specific configurations. This flaw arises from inadequate sanitization of user-controlled input passed to RewriteRule directives, which allows attackers to traverse the filesystem by manipulating server variables and regex capture groups.

Read Post

Centripetal

Read more about Chaining CVE-2024-38475 and CVE-2023-44221 for Full System Compromise

May 06, 2025 Cyber Threat Intelligence Briefing

May 6, 2025 By Kroll In Kroll

This week’s briefing covers: UK Defence Contractors Warn Staff Against Chinese EVs UK defence firms, including Lockheed Martin and Thales, have advised staff against connecting mobile phones to Chinese-made electric vehicles (EVs) due to concerns over potential espionage and data theft. These vehicles, equipped with cameras, microphones, and internet connectivity, could be exploited by hostile states to collect sensitive information.

View Video

Kroll

Read more about May 06, 2025 Cyber Threat Intelligence Briefing

11 Types of Biometric Authentication for More Secure Logins

May 6, 2025 By miniOrange In miniOrange

Biometric logins power multi-factor authentication in software applications. Selecting the right type of biometric authentication method leads to better business security.

Read Post

miniOrange

Read more about 11 Types of Biometric Authentication for More Secure Logins

What does it mean to be cyber resilient?

May 6, 2025 By Rubrik In Rubrik

Achieving should be a priority for all! Everyone needs to pull their weight when it comes to protecting the lifeblood of your organization: your data. Let’s take a new approach to cybersecurity, one that assumes that cyber attacks WILL happen. Resilience means being ready for anything! Learn more about what it means to be truly by checking out the link in our bio.

View Video

Rubrik

Read more about What does it mean to be cyber resilient?

AI + OWASP: Same Threats, New Surface | Wallarm 2025 API Security Report #APIsecurity #OWASP

May 6, 2025 By Wallarm In Wallarm

There’s near-perfect overlap between the OWASP API Top 10 and LLM Top 10. The threats haven’t changed — only the surface they attack.

View Video

Wallarm

Read more about AI + OWASP: Same Threats, New Surface | Wallarm 2025 API Security Report #APIsecurity #OWASP

2FA vs MFA: What's the Difference?

May 6, 2025 By miniOrange In miniOrange

Understand the key differences between Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) and how each enhances security to protect your business from evolving cyber threats.

Read Post

miniOrange

Read more about 2FA vs MFA: What's the Difference?

Breaking the Cycle of Alert Fatigue: How to Prioritize Critical Vulnerabilities

May 6, 2025 By Natalie Tischler In Veracode

Security teams are increasingly overwhelmed by the sheer volume of alerts generated by detection tools. While detection capabilities have improved over time, this has led to an unintended consequence: alert fatigue. The rapid proliferation of alerts—many of which lack critical context—makes it difficult for security teams to prioritize and address the most urgent vulnerabilities.

Read Post

Veracode

Read more about Breaking the Cycle of Alert Fatigue: How to Prioritize Critical Vulnerabilities

Top 11 Benefits of having SOC 2 Certification!

May 6, 2025 By VISTA InfoSec In VISTA InfoSec

SOC 2 certification is an audit framework developed by the AICPA that evaluates an organization’s ability to design and operate effective controls related to security, availability, processing integrity, confidentiality, and privacy. It’s a critical assurance tool for service providers managing customer data in the cloud, demonstrating a commitment to robust internal controls and regulatory compliance.

Read Post