The CVE Deluge of 2025: Why It’s More Than Just a Number Problem

If you’re on the go and don’t have time to sit down with the full blog, we’ve put together an in depth audio breakdown so you can catch the key insights anytime, anywhere. The year 2025 marks a turning point in cybersecurity. It's the year the floodgates opened in the world of cyber. For years, t...

Inside the AI Threat Landscape: From Jailbreaks to Prompt Injections and Agentic AI Risks

AI has officially moved out of the novelty phase. What began with people messing around with LLM-powered GenAI tools for content creation has rapidly evolved into a complex web of agentic AI systems that form a critical part of the modern corporate landscape. However, this transformation has give...

CISA: 2023 ISC Annual Review

System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...

Acronym Overdose – Navigating the Complex Data Security Landscape

In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together...

The Iranian Cyber Capability

The Iranian Cyber Capability By Ernesto Fernández Provecho, Pham Duy Phuc, and John Fokker · September 19, 2024 Introduction In recent years, The Islamic Republic of Iran has extensively promoted the execution of cyber campaigns to protect its national interests, deter adversaries, and conduct...

Why We Must Democratize Cybersecurity

With breaches making the headlines on an almost weekly basis, the cybersecurity challenges we face are becoming visible not only to large enterprises, who have built security capabilities over the years, but also to small to medium businesses and the broader public. While this is creating greater...

5 ways to secure identity and access for 2024

The security landscape is changing fast. In 2023, we saw a record-high 30 billion attempted password attacks per month, a 35% increase in demand for cybersecurity experts, and a 23% annual rise in cases processed by the Microsoft Security Response Center and Security Operations Center teams.1 Thi...

Code leaks are causing an influx of new ransomware actors

Ransomware gangs are consistently rebranding or merging with other groups, as highlighted in our 2022 Year in Review, or these actors work for multiple ransomware-as-a-service RaaS outfits at a time, and new groups are always emerging. This trend is already continuing this year. Since 2021, there...

Wallarm at Black Hat USA 2023 Booth #3131

Wallarm is excited to be back at Black Hat USA this year and meet with our friends in the community wanting or perhaps needing to learn more about integrated web app and API protection. We look forward to seeing you there! Expo Hours If you’re attending in person, the Business Hall is open for tw...

Client-side Magecart attacks still around, but more covert

This blog post was authored by Jérôme Segura We have seen and heard less buzz about Magecart during the past several months. While some marketing playbooks continue to rehash the same breaches of yesteryear, we have been wondering if some changes took place in the threat landscape. One thing we...

The Forecast Is Flipped: Flipping L&D in New Hire Training

Rapid7’s onboarding program, Making the Band, first came to the stage in the fall of 2017 when the original 2-week, video-based program evolved into a dynamic 90-day experience. The updated program delivered learnings to new hires through digital self-paced content and a 2-day live training focus...

OSS API Firewall Unveils new Feature: Blacklist for Compromised API Tokens and Cookies

Discovering and securing any API is one of the most difficult challenges for developers. The API security landscape is constantly evolving, with new threats and vulnerabilities emerging at a rapid pace. Since commercial API security solutions could be really expensive for organizations, its never...

Exploring a New Class of Kernel Exploit Primitive

The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen whe...

Exploring a New Class of Kernel Exploit Primitive

The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen whe...

Detect active network reconnaissance with Microsoft Defender for Endpoint

The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, such as the Cybersecurity...

Cyber Signals: Defending against cyber threats with the latest research, insights, and trends

We’re excited to introduce Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research. This content, which will be released quarterly, offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and...

Investigating and Mitigating Malicious Drivers

The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to...

This Week in Security News June 11, 2021

The post-pandemic security landscape and the banning of ransomware payments could create new crisis situations...

Building SIEM for Today’s Threat Landscape

It’s easy to see how the changing security landscape has shaped the evolution of the security information and event management SIEM practice area — and how it continues to. But architecting an effective SIEM approach requires a well-thought-out strategy. A combination of security information...

Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020

2020 was a tumultuous year for vulnerability risk management. Defenders had to contend with a growing volume of high-priority security threats, many of them in internet-facing technologies deployed to enable and secure a suddenly remote workforce. New communications from the U.S. National Securit...