Latest News

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. "Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto

In a previous post-quantum (PQ) article, we introduced the threat that quantum computing presents for any systems, networks and applications that utilize cryptography. In this article, you’ll learn what you can do to assist your organization in achieving crypto-agility with Red Hat and what to expect of Red Hat products as we begin to integrate post-quantum cryptographic functions into them.The capabilities described in the following sections assume timely and functional implementation of industry standards and specifications and the libraries that implement them. If these are not achieved,

Plus: New evidence emerges about who may have helped 9/11 hijackers, UK police arrest a teen in connection with an attack on London’s transit system, and Poland’s spyware scandal enters a new phase.

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows

The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.

In this case study, a CISO helps a B2B marketing automation company straighten out its manual compliance process by automating it.

A broken access control vulnerability exists prior to commit 1f043d8798ad87346dfe378eea723bff78ad7433 of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.

A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create projects or use the instance as if they were a user with local access. The main attack vector is for instances hosted locally on personal machines, which are not publicly accessible. The CORS settings in the backend permit all origins, exposing unauthenticated endpoints to CSRF attacks.