cybersecurity

Metasploitable2 - FTP Exploitation using vsftpd 2.3.4 Backdoor 1. Objective To identify and exploit a known vulnerability in an FTP service running on a vulnerable target machine using industry-standard reconnaissance and exploitation techniques. 2. Lab Environment Component Description Attacker Machine Kali Linux Target Machine Metasploitable2 Network Type Host-only / NAT (same subnet) 3. Tools …

IntroductionThIntrusion Detection Systems (IDS) for Internet of Things (IoT) and edge environments require datasets with unambiguous labels, yet existing datasets often mix benign and malicious traffic within the same capture window, producing ambiguous flow labels that may distort model evaluation.MethodsThis work introduces the TRUST Lab dataset, a flow-based traffic collection generated in an …

npm package security is one of the hardest parts of modern Node.js security because the npm ecosystem is massive. The npm registry has more than 2 million packages, making it the largest software registry in the world. That scale helps developers build quickly, but it also creates security risk: abandoned packages, vulnerable transitive dependencies, typosquatting, malicious releases, and supply …

The growing need for Pre-Breach and Risk Mitigation Services, in Cyber Risk Management  The alarming rise in cyber incidents is devastating. The median annual loss of a cybersecurity breach has risen to USD 3 million. Most business entities have been Read More ... The post Reflections From the Risk Management Lens first appeared on Risk Management Association of India .

Baby Zoengpuii, LL.M., The ICFAI University, Dehradun Prof. (Dr.) Arun Kumar Singh, The ICFAI University, Dehradun ABSTRACT The proliferation of digital technologies has engendered a distinct and alarming category of gender-based violence: cybercrimes against women. This paper undertakes a comprehensive doctrinal and analytical examination of the legal framework governing such offences in India, …

In April 2026, an alleged data breach involving Amtrak allegedly led to over 2.1 million unique customer records being breached. Hackers have also claimed that the attack will potentially impact up to 9.4 million records. Linked to the threat actor group ShinyHunters, this data breach has brought renewed focus to a growing cybersecurity trend: attacks designed not to disrupt systems but to extrac…

Ms. Usha S, B.A., LL.B., Chennai Dr. Ambedkar Government Law College, Pudupakkam, Chengalpattu (Dt.), Tamil Nadu ABSTRACT Internet has now entangled with the human life. Every person depends upon internet for one use or another; as of 2024 about 68% of the world’s population engaged in internet usage. The internet i.e., the World Wide Web (www) contains a hierarchy starting from the most commonly…

A hands-on technical breakdown of the WannaCry ransomware, the EternalBlue exploit, and why system patching is still critical today. Imagine it’s a typical Monday morning at a mid-size hospital. An older Windows computer in the Radiology department hasn't been updated in months. The hospital's network is completely "flat," meaning every computer can seamlessly talk to every other device on the ne…

This Collection invites original research on the development and application of digital twins for security testing, aiming to advance secure-by-design principles in complex systems.

Hello everyone, I'm @xiaoqiangapi , the Chinese teacher who gives apis a "check-up". An article on , my SQL injection, XSS and prompt hijacked, API are blocked off. Let's take a different approach today - ** not attack, test 'resilience' **. Would the API crash if a sudden wave of requests came in, or if someone typed several thousand characters? I'm curious about it. The tools are still the same…

This presentation is an adaptation of a keynote address delivered by Sasha Le, Senior Engineer, Tide Foundation at the launch event of the RMIT AWS Innovation Lab (RAIL) on 21st of April, 2026 The Human Vulnerability In 2022, a ransomware group named Lapsus$ breached some of the most sophisticated tech companies on the planet. The list included Microsoft, Nvidia, Okta, Uber, and Samsung. The ring…

📂 Series: SIEM Deployment Alright, let's talk shop. After over a decade in the trenches – from building out SOCs from scratch to wrangling SIEMs like Splunk, QRadar, and Microsoft Sentinel in some seriously high-stakes environments – I've seen a lot of tools come and go. Some are brilliant, some are overhyped, and some just… work. Wazuh falls firmly into that last category, with a generous helpin…

Recognized for Completeness of Vision and Ability to Execute We are excited to share that Cyble has been recognized as a Challenger in the 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence. Check back for a complimentary copy of the full report soon! In our view, this recognition reflects what we hear from the security […] The post Cyble Named a Challenger in the 2026 Gartner® Magic Qua…

Ever since its recent boom, AI now plays a role in almost every industry, including education. Many schools use AI to protect digital systems, including student and staff records . AI can help detect threats and respond faster than traditional tools. At the same time, attackers use AI to launch smarter scams and automated attacks. This fact raises a question: Do the benefits of AI-driven cybersec…

This paper argues that cybernetic and AI-enabled systems require a stronger evaluative standard than stability, optimization, or procedural oversight. As feedback and control architectures increasingly govern human environments, systems can remain coherent and apparently well-regulated while becoming less revisable under consequence. The paper uses Structural Intelligence to distinguish coherent …

China is exporting a large number of electric vehicles around the world amid today's oil shock. The cars' internet connectivity, however, could make importers vulnerable to cyberattacks. The post Chinese electric vehicle exports rise amid the oil crisis, posing a dilemma for importing countries appeared first on Atlantic Council .

Cyber attacks are becoming more frequent and more expensive because criminals are still getting paid. Despite growing awareness, the economics of ransomware still favour attackers. Only 17% of UK organisations hit by ransomware chose to pay, but even among those who do pay, outcomes remain unreliable. According to UK‑wide data , oranisations are now three times more likely to recover from backups…

A real-world case study in passive threat intelligence and open-source investigation . Disclaimer: This research was conducted exclusively for educational purposes and passive threat intelligence . No systems were breached, no credentials were used without authorization, and no sensitive identifying data is reported in this article. All information collected comes from publicly accessible sources…

Manual content discovery is a core skill in application security testing. Instead of relying only on automated scanners, you can use simple HTTP requests and browser tools to find exposed files, hidden paths, and technology fingerprints. This covers techniques like checking robots.txt , fingerprinting favicons, reading sitemap.xml , inspecting HTTP headers, and spotting framework markers in HTML …

On April 7 Anthropic published technical Mythos report ,as well as announced Claude Mythos Preview and Project Glasswing . The claim was that their newest model could autonomously identify and exploit real vulnerabilities in major open-source projects at unprecedented scale. One of Anthropic's public showcase examples was the Linux kernel, which is not some toy repo but the operating system unde…