Vulnerabilities & Exploits

With the goal of creating fast, evasive, and sophisticated threats and campaigns, malicious actors are always on the prowl for new technologies to abuse, significant world events to exploit, and mismanaged and vulnerable assets to compromise.

It’s projected that by 2027, more than 90% of global organizations will be running containerized applications, while 63% of enterprises already adopted a cloud-native strategy in their businesses in 2023.

The adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.

Tools that aggregate access into multiple different environments, such as API gateways, pose a security risk for all these environments upon breach. In this article, we continue our journey through the security issues of the API Gateway landscape. Our new research focuses on another popular API gateway — Kong.

This article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handling

Our continuous surveillance and research of the threat landscape in 2023 showed patterns suggesting that as cybercriminals take advantage of the expanding attack surface, they are also learning to prioritize substance over size.

VicOne’s annual cyberthreat landscape report gives an idea of the coming reality of cyberthreats to modern cars. A chief concern is the vulnerabilities that could spell new risks to the connected vehicle ecosystem.

2024 is poised to be a hotbed for new challenges in cybersecurity as the economic and political terrains continue to undergo digitization and enterprises increasingly leverage artificial intelligence and machine learning (AI/ML), the cloud, and Web3 technologies. While these innovations are expected to lend a hand to organizations, they also provide opportunities for cybercriminals by promising big returns, more streamlined operations on wider impact zones, and more targeted victims.

Kubernetes, also known as K8s, is a very complex open-source platform that requires detailed attention to security. Despite previous efforts to increase its security, Kubernetes remains insecure by default and requires different security tools to protect the cluster.