EUVD-2026-35277

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

Profiling User Vulnerability to Phishing through Psychological and Behavioral Factors

Phishing remains one of the most pervasive cybersecurity threats, shifting the focus from technological vulnerabilities to human cognitive and psychological factors. In coherence with the trend of studies on phishing to increasingly focus on human aspects and vulnerable users profiling, this stud...

CVE-2021-27124

SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack...

Risk Psychology and Cyber-Attack Tactics

We examine whether measured cognitive processes predict cyber-attack behavior. We analyzed data that included psychometric scale responses and labeled attack behaviors from cybersecurity professionals who conducted red-team operations against a simulated enterprise network. We employed multilevel...

Toward Cybersecurity-Expert Small Language Models

Large language models LLMs are transforming everyday applications, yet deployment in cybersecurity lags due to a lack of high-quality, domain-specific models and training datasets. To address this gap, we present CyberPal 2.0, a family of cybersecurity-expert small language models SLMs ranging fr...

EUVD-2023-34405

Malicious code in bioql PyPI...

EUVD-2023-34409

Malicious code in bioql PyPI...

EUVD-2023-34406

Malicious code in bioql PyPI...

Product Walkthrough: A Look Inside Pillar's AI Security Platform

In this article, we will provide a brief overview of Pillar Security's platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI system...

Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense

Microsoft will be at Black Hat USA 2025, August 5–7 in Las Vegas, and we’re bringing you a unified, practitioner-driven experience built around real-world insights, threat intelligence, incident response, and hands-on AI expertise. We believe security teams are strongest when intelligence, tools,...

Effects of the Cyber Resilience Act (CRA) on Industrial Equipment Manufacturing Companies

The Cyber Resilience Act CRA is a new European Union EU regulation aimed at enhancing the security of digital products and services by ensuring they meet stringent cybersecurity requirements. This paper investigates the challenges that industrial equipment manufacturing companies anticipate while...

Google Algorithm Slashes Reddit Traffic: What It Means for UGC Platforms

Reddit Struggles After Google's New Focus on Expertise...

Inside the Mind of the Attacker: A Conversation with Raj Samani

With Take Command 2025 just around the corner, we sat down with Raj Samani, Chief Scientist at Rapid7, for a preview of his upcoming session: Inside the Mind of an Attacker: Navigating the Threat Horizon. Raj will be joined by Trent Teyema, Founder and President at CSG Strategies and former head ...

Hiring For Tech Positions: Balancing Experience And Potential

Explore diverse tech positions blending seasoned expertise and fresh talent. Discover how top companies balance experience and innovation…...

Top AI Trends Every Software Development Company to Follow in 2025

The software development industry is expanding tremendously. It drives up the need for technical people and new solutions.…...

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

We've all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses SMBs are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers CISO...

What I’ve learned in my first 7-ish years in cybersecurity

When I first interviewed with Joel Esler for my position at Cisco Talos, I remember when the time came for me to ask questions, one thing stood out. I asked what resources were available to me to learn about cybersecurity, because I was totally new to the space. His answer: The people. When I ask...

Rapid7 Introduces Vector Command, a New Managed Service for Continuous Red Teaming

Rapid7 is delighted to announce the launch of Vector Command, a continuous red teaming managed service designed to assess your external attack surface and identify gaps in the security defenses on an ongoing basis. Following the launch of Surface Command and Exposure Command in August, Vector...

YubiKey Side-Channel Attack

There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. Its a complicated attack, requiring the victims username and password, and physical access to their YubiKey--as well as some technical expertise and equipment. Still, nice piece of security analysi...

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025

The 2024 State of the vCISO Report continues Cynomi's tradition of examining the growing popularity of virtual Chief Information Security Officer vCISO services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards...