Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



What are AI Phishing Attacks?

What are AI Phishing Attacks? AI phishing attacks, also known as AI-powered phishing or AI-driven phishing, are sophisticated cyberattacks that leverage artificial intelligence and machine learning algorithms to craft and execute highly convincing phishing attempts. These attacks are designed to deceive individuals or employees into divulging sensitive information, such as login credentials, financial details, or personal data. How Do AI Phishing Attacks Work?


Ensuring Compliance in an Ever-Evolving Cloud Security Landscape

According to CSO the fines incurred for data breaches or non-compliance with security and privacy laws, for only a handful of companies, has cost $4.4 billion. The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years (IBM). The challenge for organizations is how to safeguard sensitive information while adhering to the law, but without compromising innovation. Cyber threats loom large, affecting businesses in every industry.


Secrets Management Best Practices: Secure Cloud-native Development Series

Build secure cloud-native applications by avoiding the top five security pitfalls we lay out in our Secure Cloud-native Development Series. This blog is the fifth and final part of the series, and it will teach you to handle credentials and secrets management best practices for securing cloud-native applications. Every organization has their way of managing credentials. In the past, with legacy application architectures, this was a bit more manual and arduous.


Ensuring vendor integrity: Why the cloud shouldn't be your only backup

As a senior consultant I deal with customers across numerous industries and maturity levels. I am often engaged in conducting risk assessments or gap analysis aligned with common frameworks such as the National Institute for Standards and Technology’s (NIST) Cybersecurity Framework (CSF). Most, if not all, the frameworks have a few controls that focus on the organization’s backup processes and disaster recovery plans.


2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.


Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like and


From diligence to integration: How software audits inform post-close M&A strategies

Software due diligence is an all-important aspect of any merger and acquisition (M&A) transaction, and in the tech M&A world, a target’s software assets are a significant part of the valuation. This due diligence process should identify a target company’s open source license obligations, application security and code quality risks, and the organization, processes, and practices that compose the software development life cycle.

noname security

Noname Security and Intel Trust Authority: Building Trust Through Confidential Computing

Intel’s Trust Authority is a new service that provides remote verification of the trustworthiness of a compute asset, based on attestation (cryptographic verification) and policy (a legitimate workload). This is a significant development for confidential computing, as it provides a way for organizations to independently verify the security of their workloads. Noname Security is excited to be a partner in the Intel Trust Authority program.