The rapid rise of AI-powered applications brings innovation, but also security blind spots. As AI systems become integral to our daily lives, their security must keep pace with their capabilities. This is the focus of our AI Security Testing Series, where we analyze popular AI applications for vulnerabilities that could put users at risk. In our last analysis, we tested Deepseek’s Android app and uncovered critical security flaws.

Stealthy adversaries continually exploit system utilities to execute malicious code. A particularly potent and frequently misused tactic is MITRE ATT&CK T1059 - Command and Scripting Interpreter, wherein attackers harness built-in interpreters like PowerShell, Bash, Python, or JavaScript to run arbitrary commands.

In 2024, Cyjax observed the emergence of 72 extortion and ransomware group data-leak sites (DLSs). As of mid-April 2025, Cyjax has identified DLSs for 27 new groups this year, as noted in recent blogs on Morpheus, GD LockerSec, Babuk2, Linkc, Anubis, Arkana, Frag, and RALord.

Generative AI has gone from a novelty to an essential part of daily workflows across all teams at an organization. Whether it’s ChatGPT, Microsoft Copilot, Claude, or Google Gemini, employees are using chatbots to copy, paste, summarize, and query data at a pace and scale we have never seen before. Unfortunately, data security has not been a fundamental feature of generative AI as the technology’s popularity and functionality has exploded.

In today’s rapidly changing digital environment, APIs play a crucial role in modern business, facilitating smooth connectivity and data sharing. Yet, this interconnected nature brings significant security and privacy risks, as evidenced by the Federal Trade Commission's (FTC) recent settlement with GoDaddy. This settlement serves as a stark reminder that strong API security is no longer just a good security practice but is now a legal obligation.

The number of connected devices will reach over 17 billion worldwide in 2024. This is a big deal as it means that all previous connectivity records. The statistics paint a worrying picture – 22% of organizations dealt with serious IoT security incidents last year. The security landscape looks even more concerning. The average organization’s devices remain completely unsecured – about 30% of them. IoT devices face significant threats, with malware affecting 49% of them.

Simplify Authentication Across Your.NET Applications.Eliminate repeated logins with SAML Single Sign-On (SSO) built for decoupled.NET apps. Let users log in once and securely access all your applications—streamlining access while ensuring enterprise-grade security and a seamless user experience.