1084 matches found
EUVD-2022-42603
Malicious code in bioql PyPI...
EUVD-2022-29306
Malicious code in bioql PyPI...
EUVD-2022-24985
Malicious code in bioql PyPI...
New $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during...
discover
This is a collection of custom bash scripts used to automate various penetration testing tasks, including reconnaissance, scanning, enumeration, and malicious payload creation using Metasploit. The scripts are designed to be used with Kali Linux. The scripts are organized into several categories,...
Wiz achieves FedRAMP High authorization
Unified cloud security without compromise, delivering commercial features to sensitive government systems...
Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities
Given their vital importance for governments and enterprises around the world, we need to trust public clouds to provide strong security guarantees even in the face of advanced attacks and hardware vulnerabilities. While transient execution vulnerabilities, such as Spectre, have been in the...
Future-Proofing Cloud Security against Quantum Attacks: Risk, Transition, and Mitigation Strategies
Quantum Computing QC introduces a transformative threat to digital security, with the potential to compromise widely deployed classical cryptographic systems. This survey offers a comprehensive and systematic examination of quantumsafe security for Cloud Computing CC, focusing on the...
Introducing Wiz Incident Response: Your Expert Partner for Cloud Security Incidents
Announcing the public preview of Wiz’s in-house Incident Response service—empowering customers to investigate, contain, and resolve cyber incidents with confidence...
Navigating SEBI’s Cloud Security Requirements: A Guide for Regulated Entities
Overview: Who is impacted: The Securities and Exchange Board of India SEBI is the primary regulatory authority for the securities market in India. It was established to protect investor interests and promote market development, but its guidelines also impact cybersecurity professionals at regulat...
Schrodinger'S Toolbox: Exploring the Quantum Rowhammer Attack
Residual cross-talk in superconducting qubit devices creates a security vulnerability for emerging quantum cloud services. We demonstrate a Clifford-only Quantum Rowhammer attack-using just X and CNOT gates-that injects faults on IBM's 127-qubit Eagle processors without requiring pulse-level...
CVE-2025-7045 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the deleteconfig action of the cssohandleactions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...
Qualys Achieves FedRAMP® High ATO: Unlocking the Future of Trusted Cybersecurity for Government and Critical Infrastructure
Today, federal agencies and their technology partners are operating in the most scrutinized risk environment in history. The stakes are clear: a breach in high-impact systems – those holding national security, healthcare, or financial data – can result in loss of life, catastrophic economic damag...
Wiz Completes IRAP Assessment to Support Australian Government Cloud Security
Empowering Australian government agencies with enhanced cloud security...
GO-2025-3891 Information Disclosure in Amazon ECS Container Agent in github.com/aws/amazon-ecs-agent
Information Disclosure in Amazon ECS Container Agent in github.com/aws/amazon-ecs-agent...
Reducing False Positives with Active Behavioral Analysis for Cloud Security
Rule-based cloud security posture management CSPM solutions are known to produce a lot of false positives based on the limited contextual understanding and dependence on static heuristics testing. This paper introduces a validation-driven methodology that integrates active behavioral testing in...
System Security Framework for 5G Advanced /6G IoT Integrated Terrestrial Network-Non-Terrestrial Network (TN-NTN) with AI-Enabled Cloud Security
The integration of Terrestrial Networks TN and Non-Terrestrial Networks NTN, including 5G Advanced/6G and the Internet of Things IoT technologies, using Low Earth Orbit LEO satellites, high-altitude platforms HAPS, and Unmanned Aerial Vehicles UAVs, is redefining the landscape of global...
Introducing Wiz for Exposure Management: Unify, Prioritize, and Remediate Exposures Everywhere
Stop chasing CVEs with new UVM and Sensor Workload Scanner capabilities. Remove silos to effectively prioritize and reduce exposures across cloud, code, and on-prem...
Introducing Wiz for Exposure Management: Unify, Prioritize, and Remediate Exposures Everywhere
Stop chasing CVEs with new UVM and Sensor Workload Scanner capabilities. Remove silos to effectively prioritize and reduce exposures across cloud, code, and on-prem...
⚡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More
Malware isn't just trying to hide anymore—it's trying to belong. We're seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build...