Blog

Blog

The Case for Proactive, Scalable Data Protection

Whether you’re facing growing data demands and increased cyber threats, or simply looking to future-proof your business, it’s time to consider the long-term benefits of transitioning to a cloud-first infrastructure.

Blog

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user’s Git credentials. “Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper,” GMO Flatt Security researcher Ry0taK, who discovered the…

Blog

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]

Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention. As we unpack these complex topics, we’ll…

Blog

Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents…

Blog

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and…

Blog

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. “MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or…

Blog

Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

A high-severity security flaw has been disclosed in Meta’s Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the…

Blog

The Case for Proactive, Scalable Data Protection

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]

Do We Really Need The OWASP NHI Top 10?

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

CISOs Are Gaining C-Suite Swagger, but Has It Come With a Cost?

DoJ Busts Up Another Multinational DPRK IT Worker Scam

MITRE’s Latest ATT&CK Simulations Tackle Cloud Defenses