Biztonsági szemle

DigitalOcean executives describe how they automated and streamlined many of the identity and access management functions that had been previously handled manually.

Cisco and Endace provide Security Operations Center services at RSAC™ 2025 Conference. Sign up for a tour and see what happens in the SOC.

As promised in diary entry " XORsearch: Searching With Regexes", I will outline another method to search with xorsearch and regexes.

A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Two weeks ago, version 1.3.0 of Langflow was released. The release notes list many fixes but do not mention that one of the "Bug Fixes" addresses a major vulnerability. Instead, the release notes state, "auth current user on code validation." [1]

The $40 million startup was relying on manpower in the Philippines to run the so-called "AI" tool.

A new PowerShell backdoor and persistence technique that hijacks TypeLib were discovered.

Nations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out.

The threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations.

PAN points out that to date, the brute-force attacks have not led to exploitation.