The WhatsApp takeover scam that doesn't need your password
How a simple “I found your photo” message can quietly take over your account.
Mastering OWASP Detection: Enterprise Rules for AWS, Akamai, F5, and Cloudflare
Application Security, WAF, and OWASP form an interconnected defense strategy for web applications. OWASP (Open Web Application Security Project) provides the framework for identifying critical vulnerabilities through resources like the OWASP Top 10, while WAFs act as the protective layer that detects and blocks attacks targeting these vulnerabilities in real-time.
Secure AI Agent Infrastructure with Zero-Code MCP
Learn how to secure AI and MCP infrastructure without writing authorization code, rewriting MCP servers, or limiting agent work with Teleport’s zero-code MCP integration. AI agents are becoming powerful participants in engineering workflows. But without meaningful authorization boundaries, they can quickly become an existential security risk. AI agents do not behave like traditional applications. Instead, they generate actions and chain together tools in unpredictable ways.
Are LLMs becoming messengers for attackers? #ai #cybersecurity
AI assistants with broad enterprise access are creating a new attack vector. Chris Luft and Matt Bromiley discuss the Gemini Jack vulnerability, where attackers used prompt injection to turn Google's AI assistant into an unwitting accomplice in data exfiltration. The attack embedded hidden instructions in documents or emails. When employees asked Gemini normal questions like "show me our budgets," the AI retrieved the poisoned document and executed the attacker's commands without anyone clicking anything.
EP 21 - When attackers log in: Pausing for perspective in the age of instant answers
In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk’s Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today’s attackers aren’t breaking in—they’re logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.
How the Social Engineering Toolkit Helps Red Teams
The Social Engineering Toolkit, or SET, is a tool that security teams use to copy the tricks that attackers use. It helps them see how well a company reacts when a message or link does not look legitimate. It can also test how people respond when they land on a copied website. Most guides cover only basic SET features. This blog explains how experts use SET in real tests and how defenders notice SET activity before harm occurs.
The Author's Take: The Past, Present, & Future of Third Party (Cyber) Risk Management
“It is also a common trap of giving inexperienced customers a false sense of security…”~Navigating Supply Chain Cyber Risk TPRM processes today are filled with thousands of pages of questionnaires, assessments, and more, but does that status quo really help secure your vendor ecosystem? Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Alex Golbin (Co-Author, Navigating Supply Chain Cyber Risk) as they chat about.
EP 21 - When attackers log in: Pausing for perspective in the age of instant answers
In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk’s Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today’s attackers aren’t breaking in—they’re logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.
Security Visionaries | Agentic AI Threats: Hype or Reality
Are agentic AI threats just hype or reality? Security Visionaries host Max Havey digs into the world of agentic AI-enabled threats and cyber espionage with guests Neil Thacker, Global Privacy and Data Protection Officer at Netskope, and Ray Canzanese, Head of Netskope Threat Labs. IN THIS EPISODE.
Understanding the Department of Justice (DOJ) Data Security Program
On April 8, 2025, the National Security Division (NSD) of the US Justice Department (DOJ) implemented the Data Security Program (DSP).