Content Paint
Search
Sign in
Membership

Security

 |  Security  | Jun 17, 2025
After Erie Insurance breach, Google warns on Scattered Spider
scattered spider targeting insurance companies

A range of ransomware groups have been seen spoofing IT support numbers or abusing default Teams credentials in social engineering attacks over the past 18 months.

Security  | Jun 17, 2025
MongoDB open-sources “Kingfisher” secrets scanner
MongoDB open-sources “Kingfisher” secrets scanner

Built on forked and updated “Nosey Parker” and faster than TruffleHog or Gitleaks says security engineer

 |  Security  | Jun 10, 2025
Patch Tuesday: Another MSHTML zero day exploited
Patch Tuesday: Another MSHTML zero day exploited

Attackers are going after high-profile targets in the government and defense sectors, with phishing campaigns that use WebDAV and LOLBins to deploy malware

Security  | Jun 09, 2025
"Absurd" 12-step malware dropper spotted in malicious npm packages
"Absurd" 12-step malware dropper spotted in malicious npm packages

Supply chain attack effort used steganography, a "dizzying wall of Unicode characters" and more.

 |  Security  | Jun 06, 2025
CVSS 9.9. Static credentials. In your cloud. Cisco WTF, again?
CVSS 9.9. Static credentials. In your cloud. Cisco WTF, again?

Cisco’s “zero trust” security software just hurt your cloud security, because it can’t stop shipping products with static credentials

 |  Security  | Jun 06, 2025
Google slams Meta for "blatant" violation of security principles via "Localmess"
An illustration showing how the Meta Pixel used SDP Munging to insert the _fbp cookie information into to the SDP "ice-ufrag" field.

"Current privacy controls (e.g., sandboxing approaches, mobile platform and browser permissions, web consent models, incognito modes, resetting mobile advertising IDs, or clearing cookies) are insufficient to control and mitigate it."

Security  | Jun 05, 2025
Vicious vishers villainise ventures via… Salesforce?
Vicious vishers villainise ventures via… Salesforce?

Little sh*ts use social engineering techniques to get Salesforce extension "Data Loader" installed then plunder material from targets.

 |  mícrosoft  | Jun 04, 2025
Microsoft, Crowdstrike sync up on 'confusing' threat naming system
Two arms with different watches on them showing a similar time. Microsoft and Crowdstrike will improve alignment of their threat actor naming systems.

No more, 'where have I seen this before?'

 |  Security  | Jun 02, 2025
US bankers to SEC: Stop making us report cyber incidents
US bankers to SEC: Stop making us report cyber incidents

Let us choose when and what to disclose...

Interviews, insight, intelligence, and exclusive events for digital leaders.

© 2025 The Stack
©  2025 The Stack

Search the site
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.