Muddled Libra’s Evolution to the Cloud 4,834 people reacted Muddled Libra’s Evolution to the Cloud By Margaret Zimmermann April 9, 2024 at 11:00 AM 16 10 min. read
Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094) 37,486 people reacted Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094) By Unit 42 March 30, 2024 at 7:15 PM 48 6 min. read
Navigating the Cloud: Exploring Lateral Movement Techniques 7,809 people reacted Navigating the Cloud: Exploring Lateral Movement Techniques By Eden Elazar February 28, 2024 at 3:00 AM 28 12 min. read
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes 6,972 people reacted Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes By Shaul Ben Hai December 27, 2023 at 6:00 AM 33 11 min. read
Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature 5,434 people reacted Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature By Zohar Zigdon November 30, 2023 at 3:00 PM 19 10 min. read
CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys 7,960 people reacted CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys By William Gamazo and Nathaniel Quist October 30, 2023 at 4:40 AM 23 15 min. read
When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability 6,816 people reacted When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability By Margaret Zimmermann August 10, 2023 at 3:15 PM 18 13 min. read
P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm 11,111 people reacted P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm By William Gamazo and Nathaniel Quist July 19, 2023 at 10:00 AM 16 11 min. read
Six Malicious Python Packages in the PyPI Targeting Windows Users 9,513 people reacted Six Malicious Python Packages in the PyPI Targeting Windows Users By Shaul Ben Hai July 11, 2023 at 6:00 AM 21 11 min. read
Detecting Popular Cobalt Strike Malleable C2 Profile Techniques 19,927 people reacted Detecting Popular Cobalt Strike Malleable C2 Profile Techniques By Durgesh Sangvikar, Matthew Tennis, Chris Navarrete, Yanhui Jia, Yu Fu and Nina Smith June 27, 2023 at 3:00 PM 21 6 min. read
Analyzing Web Application and API Attacks: The Cloud as a Target and a Launch Pad 39,942 people reacted Analyzing Web Application and API Attacks: The Cloud as a Target and a Launch Pad By Aviv Sasson June 2, 2023 at 6:00 AM 10 5 min. read
Unit 42 Unveils Most ‘Expansive’ Cloud Threat Research Yet: Cloud Threat Report Volume 7 Examines the Expanding Attack Surface 73,765 people reacted Unit 42 Unveils Most ‘Expansive’ Cloud Threat Research Yet: Cloud Threat Report Volume 7 Examines the Expanding Attack Surface By Unit 42 April 18, 2023 at 3:00 AM 28 4 min. read
Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms 67,466 people reacted Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms By Yuval Avrahami January 27, 2023 at 6:00 AM 31 9 min. read
Security Issue in JWT Secret Poisoning (Updated) 131,871 people reacted Security Issue in JWT Secret Poisoning (Updated) By Artur Oleyarsh January 9, 2023 at 6:00 AM 57 8 min. read
PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources 61,123 people reacted PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources By William Gamazo and Nathaniel Quist January 5, 2023 at 6:00 AM 14 10 min. read