cybersecurity
Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE appeared first on Unit 42.
Experts say criminal networks favour Sri Lanka due to ease of getting tourist visas and limited regulation on sim cards and internet connections Experts have warned that Sri Lanka is emerging as a hub for transnational cybercrime, after a crackdown in south-east Asia pushed Chinese-run criminal networks to relocate their vast scam operations. Sri Lankan police spokesperson Fredrick Wootler said t…

Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM. The post Inside the Modern SOC: The 72-Minute Race appeared first on Unit 42.
I ran my own AI chatbot plugin through a security review before release, and it came back with 35 bugs. Three were critical. The one that made my stomach drop was an HTML injection coming from unsanitized model output. I had spent all my worry on the input side: prompt injection, the path where a user types a malicious instruction. What actually bit me was the output. The model handed back a stri…
PyPI Supply Chain, OWASP LLM Top 10, & eBPF Cloud-Native Security Today's Highlights Today's security highlights include a critical new malicious PyPI package targeting developers, a comprehensive guide to the OWASP Top 10 vulnerabilities for LLM applications, and practical insights into leveraging eBPF for advanced cloud-native security monitoring. New Malicious PyPI Package 'ColorLib' Targets D…
CVE is a database used for categorizing and reporting security vulnerabilities in software. There are various kinds of vulnerabilities that can be reported. Some of them are caused simply by bugs in the program logic (like a recent CVE reported in Cargo), but some of the most nasty ones are caused by memory unsafety, which can easily lead to exploits. In this post I want to focus on the latter ki…
Introduction Some time ago, while exploring Slack’s Block Kit reference, I noticed something peculiar: the video block. When I saw that it accepted a video_url, the first thing I thought was: how does it distinguish between any content and an actual video? Would there be any particular requirement or limitation in the embed? Foreign sources? Yeah, no. There is no runtime check, other than checkin…
A major security flaw that allowed attackers to impersonate other people in text message conversations has finally been fixed across the United States, thanks to the work of computer scientists at the University of California San Diego. The vulnerability affected both Android and iPhone users and involved nearly all major wireless carriers, including Verizon, T-Mobile, […] The post Hidden texting…
A group made up of dozens of cybersecurity experts urged the White House to remove export control restrictions on Anthropic’s models Fable and Mythos, arguing that the order is going to limit the ability of cybersecurity defenders to secure their software and products.
By Chuck Brooks, president of Brooks Consulting International and one of Executive Mosaic’s GovCon Experts We have now transitioned from the age of digital dangers to an era of complete systemic vulnerability. The data clearly demonstrates that cyber threats are no longer sporadic; they represent a persistent, sophisticated phenomenon. Hackers are now utilizing autonomous adversaries […]
On June 3, JFrog Security Research published their analysis of IronWorm — a supply chain attack that compromised 37 npm packages through the asteroiddao account. A 976KB Rust ELF binary triggered by preinstall. Caught early, before spreading to popular packages. But the techniques are a step change from everything that came before. Three things make IronWorm different. 1. It commits as "claude" …

I spent the last few weeks building SecureCheck AI — a free web-based cybersecurity intelligence platform for developers. Here is what it does: Paste any website URL and get a security score from 0 to 100 It checks real HTTP headers — CSP, X-Frame-Options, HTTPS redirects and more It tells you exactly what is missing and how to fix it It detects the tech stack of any website without touching thei…
You wake up to this email from AWS: Irregular Activity Detected for Your AWS Access Key As part of our standard monitoring of AWS systems, we observed anomalous activity in your AWS account that indicated your AWS access key(s), along with the corresponding secret key, may have been inappropriately accessed by a third party. Your stomach drops. The email links to a compromised access key: AKIA123…
The blast radius of an API key is not "did it leak." It's "if the agent holding it does the wrong thing, how much of your stack goes with it." A secret scanner answers the first question. Nothing in your toolchain answers the second one before an incident. So I wrote 40 lines that do, offline, from the permission metadata you already have. In short: the blast radius of an API key is set by its pe…
You get a scenario question on the SY0-701. A company's database can lose at most 15 minutes of transactions, and it has to be back online within 2 hours of an outage. The question asks which metric describes the 15 minutes. If you have to stop and think, you are not alone. The recovery and risk metrics are some of the easiest points on the exam to bank and some of the easiest to throw away, beca…
The Democratization of the Security Operations Center Historically, Security Operations Centers (SOCs) were the exclusive domain of large enterprises, requiring massive capital expenditures, dedicated climate-controlled server rooms, and a small army of analysts. In the contemporary cybersecurity landscape, however, the traditional perimeter is dissolving. As organizations adopt hybrid cloud arch…
I'm Akilesh Nairy, founder of Monarc (usemonarc.com) — a cybersecurity platform I've been building solo since February 2026. The problem I kept seeing UAE SMEs face AED 20M penalties under the Personal Data Protection Law (PDPL) but most have no idea if their websites are even secure. Every tool I found was either enterprise-priced or required a dedicated security team to operate. What I built Mo…
The long-running series in which readers answer other readers’ questions on subjects ranging from trivial flights of fancy to profound scientific and philosophical concepts This week’s question: Is ‘ripen at home’ fruit the supermarkets’ idea of a joke? I’ve been struggling to get my head around the idea that a passkey, which can be a pin on your phone, or facial recognition, can be safer than us…








