CISA warns of critical Palo Alto Networks bug exploited in attacks
Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool…
DocuSign’s Envelopes API abused to send realistic fake invoices
Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like…
Schneider Electric confirms dev platform breach after hacker steals data
Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from…
EmeraldWhale’s Massive Git Breach Highlights Config Gaps
The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.
Interbank confirms data breach following failed extortion, data leak
Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its…
Building Resilience: A Post-Breach Security Strategy for Any Organization
In the wake of a recent breach that compromised sensitive information, a healthcare organization sought my guidance on how to…
Detection Engineering in Post SIEM and SOAR World
A few years back, my security team was tasked to create and maintain a green field environment for FEDRAMP compliance.…
Safeguarding Corporate Secrets: Best Practices and Advanced Solutions
Do you know where all the secrets are? The probable answer to this might be NO and believe me you…
Internet Archive breached again through stolen access tokens
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors…
Cisco takes DevHub portal offline after hacker publishes stolen data
Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it…