computer-security

European offensive cybersecurity company Paradigm Shift released details of a flaw and a technique to exploit it that opens the door for hackers to unlock and break into older iPhones.

Thalha Jubair and Owen Flowers, linked to the Scattered Spider hacking group, change pleas on first day of expected six-week trial Two British cybercriminals linked to the Scattered Spider hacking group have pleaded guilty to a cyber-attack on Transport for London in 2024 that cost £39m and affected 10 million people. Thalha Jubair, 20, and Owen Flowers, 18, pleaded guilty to offences under the C…

Huntress, HackerOne, Jamf, Recorded Future, and Tanium are among the cybersecurity companies that had data stolen following an earlier breach at market research firm Klue.

When that AWS service account gets compromised, who do you call? A question that shouldn't be hard. If you're in security or platform engineering, you already know the answer is usually "I have no idea." Maybe you search through GitHub commit history. Maybe you ping three different Slack channels. Maybe you can check the wiki that hasn't been updated since 2023. And while you're doing all that de…

Cybersecurity has emerged as the largest risk facing companies, according to a recent survey conducted by consulting and advisory firm BDO. As organizations accelerate digital transformation and increase reliance on connected technologies, concerns over cyberattacks, data breaches, ransomware, and operational Read More ... The post Cybersecurity Emerges as the Leading Risk Concern for Businesses …

A database password leaks. Maybe it was committed to a private repo three years ago, maybe it sat in a CI log, maybe a contractor copied it into a Slack DM. You do not know, because that password has been valid the entire time and nobody rotated it. Now you are in an incident channel at 2am trying to figure out the blast radius of a credential that every service, every old laptop, and every backu…

The only truly secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards and even then I have my doubts.- GeneSpafford In any real-world API-driven system, the interface you expose is also the attack surface you inherit. Every endpoint that returns data, accepts input, or triggers an action is a potential entry point for an attacker. …

Summary Postman is an easy-rated Linux machine on HackTheBox. The box exposes an unauthenticated Redis instance that allows writing an SSH public key to the redis user's .ssh directory, granting initial shell access. From there, an encrypted RSA private key belonging to user Matt is recovered, cracked offline with John the Ripper, and reused (due to password reuse) to su into Matt for the user fl…

The scary part of an agent-driven container escape is not the container escape. That sounds wrong, so let me be precise. The primitives in Sysdig's latest threat research are not new magic. A mounted Docker socket has been a bad idea for years. Over-permissioned Kubernetes service accounts have been a bad idea for years. Privileged containers are dangerous. Host namespace tricks are dangerous. Se…

Agentic AI systems call APIs, query databases, execute code, and modify production systems without waiting for human approval. That autonomy makes them useful and raises the stakes for security teams. Organizations deploying AI agents report behaviors such as improper data exposure and access to unauthorized resources. This article identifies eight cybersecurity risks specific to agentic ... Read…

The Incident Microsoft's threat intelligence team has attributed a supply chain attack targeting the Mastra AI ecosystem to Sapphire Sleet (also tracked as BlueNoroff), a North Korean state-sponsored hacking group. The attackers compromised over 140 npm packages — not obscure, one-download throwaway packages, but packages embedded in the Mastra AI dependency graph that developers and AI coding to…

A developer merges a pull request on a Friday afternoon. The repository is public. The commit includes an AWS access key hardcoded in a config file. Twenty minutes later, an email arrives from AWS Abuse. By then, someone has already found the key, spun up EC2 instances in three regions, and started mining. The bill reaches $3,000 before the key is rotated. This is not a rare scenario. It happens …

At some point I needed a fast way to get SIP traffic monitoring into Prometheus — without installing agents on servers, configuring SPAN ports on switches, or being locked into specific software. Just connect to a network interface and see everything happening. With minimal latency and zero impact on telephony performance — monitoring shouldn't become the source of problems. In this article — how…

Originally published at shieldly.io/blog . "Least privilege" — granting an identity only the permissions it needs and nothing more — is the most repeated advice in AWS security and the least often followed. Not because teams disagree with it, but because manually scoping every policy is tedious, and an over-broad policy "just works." Here is a practical workflow for getting there without grinding…

Remote File Inclusion (RFI) is a web vulnerability where an application accepts a URL from user input, fetches the file at that URL, and executes it. When there is no validation on what URLs are allowed, an attacker can point the application to a malicious script on their own server and get it executed remotely. This pattern shows up in automation tools, plugin systems, and CI/CD pipelines. The i…

Whenever I set up a new VPS, I always dedicate my first 45 minutes to essential security steps. This period is a critical window to protect the server from the simplest yet most common external attacks. The moment a server goes online, it starts being scanned by bots within seconds, and systems left with default settings quickly become targets. In this guide, I'll share a fast and effective VPS h…

Hi, it's Furkan. I'm a security professional prepping for the CompTIA SecAI+ (CY0-001) cert, and I couldn't find study material that actually clicked for me, so I built my own and structured it around the exam blueprint. This is me sharing it back. Each post maps to one objective, and I've leaned hard on real-world scenarios because that's what made it stick for me. If it helps you pass too, even…

The dangerous thing about CI agents is not that they can write code. It is that they run in the place where we already concentrate trust. CI has repository access. CI has tokens. CI has build logs. CI can fetch dependencies, publish artifacts, comment on pull requests, open issues, deploy previews, and sometimes touch production systems. It is the automation layer we taught ourselves to trust bec…

For the last 30 years, stopping the flow of cybersecurity-related software has proven to be ineffective. It's unclear why it would work now with Anthropic’s cybersecurity model Mythos.

Defenders don't rest. They wake up every day thinking about how to protect the systems that they are charged to protect. Meanwhile, attackers are also looking for crafty ways to infect a system or break into computer networks. In the end, it's good for everyone if defenders are always one step ahead of the attackers. EvilTokens: A phishing attack that doesn’t steal your password A phishing attack…