Zeljka Zorz
SniperPhish: An all-in-one open-source phishing toolkit
SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear …
Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities
The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to …
Cloud Sniper: Manage and automate cloud security operations
Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents. “One of our …
Hackers found leveraging three SonicWall zero-day vulnerabilities
Attackers that seem to have “intimate knowledge” of the SonicWall Email Security product have been discovered leveraging three (at the time) zero-day …
Attackers are exploiting zero-day in Pulse Secure VPNs to breach orgs (CVE-2021-22893)
Attackers have been exploiting several old and one zero-day vulnerability (CVE-2021-22893) affecting Pulse Connect Secure (PCS) VPN devices to breach a variety of defense, …
Securing vehicles from potential cybersecurity threats
Organizations in the automotive industry are no stranger to demands and mandates regarding car and passenger safety, so addressing the issue of cybersecurity of computerized, …
Securing an online marketplace through the COVID-19-fueled boom
When COVID-19 began to spread around the globe, citizens of many countries were instructed to stay at and work from home. Most non-essential brick-and-mortar shops were closed …
Office 365 phishing campaign uses publicly hosted JavaScript code
A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted …
SAP applications are getting compromised by skilled attackers
Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities …
Vulnerabilities in ICS-specific backup solution open industrial facilities to attack
Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution. All of …
Zero Trust creator talks about implementation, misconceptions, strategy
A little over a decade ago, John Kindervag outlined the Zero Trust security model. As a VP and Principal Analyst on the Security and Risk Team at Forrester Research, he spent …
MindAPI makes API security research and testing easier
Security researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier. “I love mind maps. …
Featured news
Resources
Don't miss
- How CISOs can talk cybersecurity so it makes sense to executives
- How OSINT supports financial crime investigations
- Review: Effective Vulnerability Management
- Vuls: Open-source agentless vulnerability scanner
- Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)