CyberSecurity Research

In a study examining popular corporate VPN clients, including traditional SSL-VPN clients and modern Zero Trust solutions, researchers uncovered vulnerabilities in the trust relationships between these VPN clients and their servers. These flaws demonstrated how...

A new Python automation framework has been released for risk identification in generative AI. This new framework has been named "PyRIT," and it can help security professionals and machine learning engineers find risks in...

As our digital footprints expand, so does our vulnerability to cyber threats. It's an ongoing battle to keep personal and organizational data safe. One significant weapon in the security arsenal is something known as...

In a major update aimed at revolutionizing the way cybersecurity professionals tackle threats, ANY.RUN has unveiled its redesigned Threat Intelligence (TI) Lookup platform. The latest update introduces an enhanced home screen that integrates the...

Malware sandboxes are integral to security applications like intrusion detection, forensics, and threat intelligence, but using them correctly is challenging due to choices in implementations, monitoring techniques, and configurations.  Improper use can negatively impact applications...

A critical vulnerability in a traffic light controller has been found, which might allow attackers to change the lights and cause a traffic jam.  A traffic signal controller is one of the most essential devices...

Once upon a time, I.T. security teams depended on hodgepodges of different cybersecurity solutions from various vendors. However, these multivendor tech stacks became prohibitively costly and complex to integrate and manage, creating gaps for...

A new sophisticated malware, which is written in C# and has sophisticated functionalities, has been discovered. This new malware has been named  Xeno RAT and is capable of evading detection, payload generation and to...

Air-gapped systems are security measures that isolate "computers" and "networks" from external connections (like the "internet") to block 'unauthorized access' and 'cyber threats.' ⁤ ⁤This isolation can be done via "physical disconnection" or "logical configurations"...

The research identifies a critical security vulnerability in GitHub Actions artifacts, enabling unauthorized access to tokens and secrets within CI/CD pipelines.  Misconfigured workflows in major organizations' public repositories exposed sensitive information, potentially compromising cloud environments...