7 Reasons to Get Certified in API Security

API security is becoming more important by the day and skilled practitioners are in high demand. Now’s the time to level up your API security skillset. Wallarm University, our free training course, provides security analysts, engineers, and practitioners with hands-on skills you can’t get from...

EUVD-2020-6290

Malware in sbrugna...

The US Grid Attack Looming on the Horizon

A major cyberattack on the US electrical grid has long worried security experts. Such an attack wouldn’t be easy. But if an adversary pulled it off, it’d be lights out in more ways than one...

CVE-2020-14131

The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center MiSRC to jointly ensure the safe access of millions of Xiaomi users worldwide Life...

A New Era of Attacks on Encryption Is Starting to Heat Up

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent years, experts say...

What Really Happened With the DDoS Attacks That Took Down X

Elon Musk said a “massive cyberattack” disrupted X on Monday and pointed to “IP addresses originating in the Ukraine area” as the source of the attack. Security experts say that's not how it works...

Take Command | Rapid7’s 2025 Cybersecurity Summit: First Look at Our Speaker Lineup

Take Command Summit 2025 is shaping up to be one of the most impactful cybersecurity events of the year, bringing together Rapid7’s own security experts alongside leading industry voices for a full day of insights into today’s evolving attack landscape. This virtual summit will offer actionable...

CVE-2024-45346

The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center MiSRC to jointly...

CVE-2024-45346 GetApps application has code execution vulnerability

The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center MiSRC to jointly...

CVE-2024-45346 GetApps application has code execution vulnerability

The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center MiSRC to jointly...

CVE-2024-45346

CVE-2024-45346 affects Xiaomi GetApps. Connected sources indicate a code execution vulnerability in GetApps, linked to bypassing authentication logic. The CVSS-style metrics in the initial document show high impact (C, I, A = High) with network attack vector and user interaction required. Public ...

Polyfill Library Injected with Malware Impacting 100,000 Websites

A trusted JavaScript library, Polyfill.io, became a malware delivery system. Security experts exposed the attack and the potential consequences for website visitors. Learn how this supply chain attack highlights the importance of web development security and what steps developers can take to...

The private sector probably isn’t coming to save the NVD

I wrote last week about the problems arising from the massive backlog of vulnerabilities at the U.S. National Vulnerability Database. Thousands of CVEs are still without analysis data, and the once-reliable database of every single vulnerability thats disclosed and/or patched is now so far behind...

Fulton County, Security Experts Call LockBit’s Bluff

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton Countys listing from its victim shaming website this morning, claiming the county had...

OWASP Mobile Top 10

Unraveling the Key Components of the Renowned OWASP Mobile Top 10 Index The altruistic initiative, Open Network Application Defense Plan ONADP, spearheads a cluster of operations in its mission to enhance the level of software protection. A cardinal tool emerging from their efforts, The OWASP...

Signature Verification for voteForManyWithSig Function

Lines of code Vulnerability details Potential Risk: The voteForManyWithSig function in the CultureIndex contract allows users to vote on multiple pieceIds using a provided signature. While it attempts to verify the signature, there are some potential risks associated with signature verification...

Signature Verification for batchVoteForManyWithSig Function

Lines of code Vulnerability details Potential Risk: The batchVoteForManyWithSig function in the CultureIndex contract allows multiple users to execute a batch of votes using provided signatures. While it attempts to verify the signatures, there are potential risks associated with signature...

Signature Verification for _verifyVoteSignature Function

Lines of code Vulnerability details Potential Risk: The verifyVoteSignature function in the CultureIndex contract is responsible for verifying signatures for specific votes. While it attempts to verify signatures, there are potential risks associated with signature verification. Proof of Concept...

What is the MITRE ATT&CK Framework?

The Unfolding Complexity of the MITRE ATT&CK System The domain of cybersecurity is akin to an ever-evolving ocean filled with intricacies. In these stormy waters, the MITRE ATT&CK System stands as a beacon of light. It brings some order, serving as a universally available repository storing vario...

Okta's Latest Security Breach Is Haunted by the Ghost of Incidents Past

A recent breach of authentication giant Okta has impacted nearly 200 of its clients. But repeated incidents and the company’s delayed disclosure have security experts calling foul...