Command injection is a vulnerability still very prevalent in web applications despite being less famous than its cousins SQL injection or Code injection. If you’re familiar with other injection vulnerabilities, you’ll recognize the common principle: untrusted user input is not properly validated, leading to the execution of arbitrary system commands. This flaw occurs when unvalidated input is passed to system-level functions. So how prominent is command injection actually?

As organizations deploy more AI-enabled systems across their networks, adversaries are taking note and using sophisticated new tactics, techniques and procedures (TTPs) against them. The need for continued innovation to fight these threats is paramount.

In this version of the Hacker’s Playbook Threat Coverage round-up, we highlight attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

Welcome to Corelight Labs' latest hunt! This blog continues our tradition of analyzing trending threat groups and TTPs on Any.Run and writing detectors for them, providing the community with open-source threat intelligence, and acting as a tutorial in engineering threat detections with Zeek Script.

Even though cybersecurity is always changing, phishing attacks are still a threat that is getting worse. The goal of these attacks is to get people to give up private data like passwords, financial information, or company secrets by using social engineering tricks. As technology has improved, phishing schemes have grown more complex in 2024. They now use convincing methods to target both people and businesses. According to new studies, 91% of cyberattacks start with a phishing email.

Cyber threats are at an all-time high because the digital world is rapidly changing so quickly. Every day, new vulnerabilities are found in security systems. Attacks threaten businesses of all sizes by stealing data, disrupting operations, and damaging reputations. It has become clear that Vulnerability Management as a Service (VMaaS) is the best way for companies to protect their digital assets without having to manage security systems themselves.

Secure Access Service Edge (SASE) is a holistic security model that integrates both networking and security functions into a single, cloud-native architecture. SASE security combines secure network access, SASE cloud security and zero-trust technologies to create a unified approach to protecting the enterprise networks of today. SASE can be extremely useful especially for organizations adopting digital transformation and remote work. Some of the SASE benefits are.

Explore NIST-backed guidance on securing Non-Human Identities, reducing risks, and aligning with zero trust principles in cloud-native infrastructures.

The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT. In any social engineering scam, there’s always the need to create some sense of urgency to act in order to make the potential victim take an action that enables the attack. In the case of a new attack by threat group FIN7, the urgency appears to be the desire to see deepfake nude images.

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security. The attackers are using legitimate notifications from Dropbox to send phishing messages, asking recipients to view a document on Dropbox regarding annual salary increases and open enrollment elections.