Mitigating Undetected Threats Within Your Entra Environment
Inviting guest users into your Entra ID tenant may expose you to significant risks.
A vulnerability in Microsoft Entra’s subscription management allows guest users to create and transfer subscriptions…
Inviting guest users into your Entra ID tenant may expose you to significant risks.
A vulnerability in Microsoft Entra’s subscription management allows guest users to create and transfer subscriptions…
Microsoft Vulnerability Continues to Expose SaaS Applications Two Years Post-Discovery
A critical vulnerability in Microsoft’s Entra ID continues to expose numerous enterprise applications, two years post-discovery. Semperis, an identity security provider, presented new findings regarding this threat at the…
A critical vulnerability in Microsoft’s Entra ID continues to expose numerous enterprise applications, two years post-discovery. Semperis, an identity security provider, presented new findings regarding this threat at the…
Arrest of ShinyHunters and Associates in France
The FBI’s recent apprehension of Conor Brian Fitzpatrick, known online as “Pompompurin,” in March 2023, marked a significant disruption to the operations of “Breached.” Fitzpatrick, an American national, was…
The FBI’s recent apprehension of Conor Brian Fitzpatrick, known online as “Pompompurin,” in March 2023, marked a significant disruption to the operations of “Breached.” Fitzpatrick, an American national, was…
Emerging WordPress Malware Disguises Itself on Checkout Pages, Mimicking Cloudflare Functionality
A recent analysis has unveiled a complex malware campaign targeting WordPress sites, facilitated by a malicious plugin masquerading as a legitimate WordPress Core component. This sophisticated attack, active since…
A recent analysis has unveiled a complex malware campaign targeting WordPress sites, facilitated by a malicious plugin masquerading as a legitimate WordPress Core component. This sophisticated attack, active since…
Data Brokers’ Non-Compliance with State Consumer Protection Agency Registration Requirements
Hundreds of data brokers remain unregistered with state consumer protection agencies, as highlighted by recent findings from privacy advocacy groups.
Data brokers, in various forms, aggregate personally identifiable information…
Hundreds of data brokers remain unregistered with state consumer protection agencies, as highlighted by recent findings from privacy advocacy groups.
Data brokers, in various forms, aggregate personally identifiable information…
Emergence of Advanced ‘Fake Interview’ Schemes Utilizing 35 npm Packages for Malware Distribution
The recent resurgence of North Korea’s ‘Contagious Interview’ campaign has emerged as a significant threat, targeting job seekers through malicious npm packages designed to compromise developers’ devices. These packages…
The recent resurgence of North Korea’s ‘Contagious Interview’ campaign has emerged as a significant threat, targeting job seekers through malicious npm packages designed to compromise developers’ devices. These packages…
Ongoing nOAuth Vulnerability Impacting 9% of Microsoft Entra SaaS Applications Two Years Post-Discovery
Recent research has highlighted ongoing risks associated with a known security vulnerability in Microsoft’s Entra ID, which may allow malicious actors to execute account takeovers within certain software-as-a-service (SaaS)…
Recent research has highlighted ongoing risks associated with a known security vulnerability in Microsoft’s Entra ID, which may allow malicious actors to execute account takeovers within certain software-as-a-service (SaaS)…
Hackers Exploit Open-Source Tools to Target Financial Institutions in Africa
Unit 42, the research team at Palo Alto Networks, has uncovered a malicious campaign targeting financial organizations throughout Africa. This campaign, conducted by a group identified as CL-CRI-1014, has…
Unit 42, the research team at Palo Alto Networks, has uncovered a malicious campaign targeting financial organizations throughout Africa. This campaign, conducted by a group identified as CL-CRI-1014, has…
The Implications of Security Breaches
Six months following a significant data breach affecting students, families, and school staff nationwide, including all school districts in Southeastern North Carolina, the North Carolina Department of Public Instruction…
Six months following a significant data breach affecting students, families, and school staff nationwide, including all school districts in Southeastern North Carolina, the North Carolina Department of Public Instruction…
Facial Recognition: Options and Procedures for Opting Out
During a recent visit to our Estonian office, our remote team engaged in discussions about travel experiences. David Ruiz, our senior privacy advocate, shared his choice to opt out…
During a recent visit to our Estonian office, our remote team engaged in discussions about travel experiences. David Ruiz, our senior privacy advocate, shared his choice to opt out…
Hacker ‘IntelBroker’ Indicted in the United States for International Data Theft Violations
A British national, known online as “IntelBroker,” has been indicted in the United States for the global theft and sale of sensitive data, allegedly causing damages estimated at $25…
A British national, known online as “IntelBroker,” has been indicted in the United States for the global theft and sale of sensitive data, allegedly causing damages estimated at $25…
Exploitation of Open-Source Tools by Cyber Criminals Targeting Financial Institutions Throughout Africa
Cybersecurity researchers have reported a series of cyber attacks targeting financial organizations across Africa since July 2023, utilizing a combination of open-source and publicly accessible tools to maintain persistent…
Cybersecurity researchers have reported a series of cyber attacks targeting financial organizations across Africa since July 2023, utilizing a combination of open-source and publicly accessible tools to maintain persistent…
French Authorities Apprehend Four Individuals Linked to Notorious BreachForums
Four individuals in their twenties have been apprehended in France due to their alleged involvement with the notorious dark web forum, BreachForums.
On June 25, Laure Beccuau, a State…
Four individuals in their twenties have been apprehended in France due to their alleged involvement with the notorious dark web forum, BreachForums.
On June 25, Laure Beccuau, a State…
Former Student Indicted for Series of Cyber Attacks Against Sydney University
A former student has been charged in connection with multiple cyber attacks on a university in Sydney, impacting hundreds of staff and students. Since 2021, Western Sydney University faced…
A former student has been charged in connection with multiple cyber attacks on a university in Sydney, impacting hundreds of staff and students. Since 2021, Western Sydney University faced…
BreachForums: Arrest of ShinyHunters Members and Identification of IntelBroker as Kai West
Four individuals believed to be associated with the ShinyHunters hacking group have been arrested in a coordinated international law enforcement operation. Among those identified is Kai West, a British…
Four individuals believed to be associated with the ShinyHunters hacking group have been arrested in a coordinated international law enforcement operation. Among those identified is Kai West, a British…
Exploited Artificial Intelligences: Facilitating the Advancement of Cybercriminal Expertise
Cybercriminals are increasingly circumventing the protective measures designed to prevent AI models from being exploited for illicit activities, according to recent research.
The misuse of AI technologies by criminal…
Cybercriminals are increasingly circumventing the protective measures designed to prevent AI models from being exploited for illicit activities, according to recent research.
The misuse of AI technologies by criminal…
Cisco Issues Urgent Alert on Critical RCE Vulnerabilities in Identity Services Engine
Cisco has issued a security advisory regarding two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting the Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC).
The…
Cisco has issued a security advisory regarding two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting the Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC).
The…
Significant Vulnerability in Open VSX Registry Poses Risk of Supply Chain Attacks for Millions of Developers
Cybersecurity researchers have identified a significant vulnerability in the Open VSX Registry (open-vsx.org), which, if successfully exploited, could allow attackers to gain control over the entire Visual Studio Code…
Cybersecurity researchers have identified a significant vulnerability in the Open VSX Registry (open-vsx.org), which, if successfully exploited, could allow attackers to gain control over the entire Visual Studio Code…
Hundreds of MCP Servers Vulnerable to Remote Code Execution and Data Exposure
A growing number of Model Context Protocol (MCP) servers, which are linked to artificial intelligence, have been identified as misconfigured and vulnerable to significant security threats. Recent research reveals…
A growing number of Model Context Protocol (MCP) servers, which are linked to artificial intelligence, have been identified as misconfigured and vulnerable to significant security threats. Recent research reveals…
Preventive Detention of Cyber Offenders: Supreme Court of Tamil Nadu Approves Measures to Mitigate Cybercrime Risks
The Supreme Court has affirmed the Tamil Nadu government’s initiative to implement preventive detention laws targeting cybercriminals. Justices Sandeep Mehta and Joymalya Bagchi described this action as a commendable…
The Supreme Court has affirmed the Tamil Nadu government’s initiative to implement preventive detention laws targeting cybercriminals. Justices Sandeep Mehta and Joymalya Bagchi described this action as a commendable…