Latest IntelligenceApplication SecurityPage 1
Search by keyword →
New “HTTP/2 Bomb” attack can exhaust server memory in seconds
Researchers have disclosed a new denial-of-service (DoS) technique dubbed HTTP/2 Bomb, a memory-exhaustion attack that can render major web servers inaccessible...
Google “Won’t Fix” API key staying active for 23 mins after deletion
Deleted Google API keys remain valid for up to 23 minutes after revocation, potentially allowing attackers to continue accessing Google Cloud services and Gemin...
Avada Builder WordPress plugin flaws allow site credential theft
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and ext...
Frame Security Emerges From Stealth With $50M for Awareness and Training Platform
Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security. The post Frame Security Emerges From Stealth With $50M...
Hackers abuse Google ads for GoDaddy ManageWP login phishing
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress...
ConsentFix v3 attacks target Azure with automated OAuth abuse
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. [...
EU’s proposed Google data access rule could enable large-scale surveillance
The European Commission is facing criticism from security and privacy experts over a proposed Digital Markets Act (DMA) measure that would require Google to sha...
Microsoft traces Universal Print issues to Graph API code change
Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change. ...
Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed
Thursday’s discussion comes as leaders on Capitol Hill grapple with the dizzying pace of global developments in which technology plays a central role. The post ...
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities...
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.Adobe Acrobat Reader is a fre...
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoo...