A new report from CyCognito, a cybersecurity exposure platform, has uncovered a significant blind spot in enterprise web security: more than half of internet-facing enterprise assets are not protected by Web Application Firewalls (WAFs) — including many that collect sensitive user data. The research analyzed over 500,000 external-facing assets from Fortune 2000 and Fortune 500

Continue Reading

Plex, a popular personal media server and streaming platform, has disclosed a recent security incident that exposed limited user account data. In an official announcement, the company stated that an unauthorized third party accessed one of its internal databases. While the breach was contained quickly, the affected data includes usernames, email addresses, hashed passwords, and

Continue Reading

Researchers at Wiz, a cloud security software company, have released new findings on the recent compromise of the Nx JavaScript framework, revealing a multi-phase supply chain attack that affected thousands of users and involved experimental use of AI-assisted malware. The incident began with the compromise of an npm publishing token through a vulnerable GitHub Action.

Continue Reading

A recent cybersecurity report from VirusTotal, a leading online malware detection and analysis platform, reveals a sophisticated malware campaign delivered through seemingly harmless SVG files. These malicious files utilized advanced phishing techniques and malware delivery that had evaded traditional antivirus detection. Even long after Adobe discontinued Flash support, SWF files continue to circulate and sometimes

Continue Reading

The Shadowserver Foundation, a non-profit security organization, has identified a significant uptick in high-severity activities involving hosts performing HTTP-based scans across diverse networks worldwide. These activities often include attempts to detect and potentially exploit vulnerabilities in targeted systems. The report, originally developed as part of the EU Horizon 2020 SISSDEN Project and extended under the

Continue Reading

Recently, a security incident involving the unauthorized issuance of TLS certificates for 1.1.1.1, a widely used public DNS resolver, has come to light. Over nearly a year and a half, a Certificate Authority (Fina CA) issued twelve certificates for this IP address without proper authorization. While there’s no current evidence these certificates were exploited maliciously,

Continue Reading

In recent weeks, Cloudflare has been actively protecting its network from a surge of large-scale Distributed Denial of Service (DDoS) attacks. Security systems have autonomously identified and blocked hundreds of these malicious assaults, some reaching unprecedented volumes. One of the most significant attacks peaked at an astonishing 5.1 billion packets per second, and 11.5 terabits

Continue Reading

Jaguar Land Rover (JLR), the British automotive manufacturer known for its luxury vehicles including Range Rover, Discovery, and Jaguar’s line of elegant vehicles, recently disclosed a significant cyber incident affecting its global operations. In a statement on their official website, the company revealed that they proactively shut down their systems to mitigate the impact of

Continue Reading