Latest news about information security vulnerabilities, threats, incidents and events
Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which...
More details.
Posted on Thu, 26 Mar 2026 23:10:00 +0530
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky...
More details.
Posted on Thu, 26 Mar 2026 18:42:00 +0530
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the user wrote them," Koi Security researcher Oren Yomtov said in a report shared with The Hacker News...
More details.
Posted on Thu, 26 Mar 2026 18:41:00 +0530
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso, Matisse, and Renoir to unsuspecting collectors and renowned museums...
More details.
Posted on Thu, 26 Mar 2026 17:28:00 +0530
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching...
More details.
Posted on Thu, 26 Mar 2026 17:15:00 +0530
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks
The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky...
More details.
Posted on Thu, 26 Mar 2026 16:37:00 +0530
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data," Sansec said in a report published this week...
More details.
Posted on Thu, 26 Mar 2026 12:23:00 +0530
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog...
More details.
Posted on Wed, 25 Mar 2026 23:05:00 +0530
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs...
More details.
Posted on Wed, 25 Mar 2026 19:56:00 +0530
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed...
More details.
Posted on Wed, 25 Mar 2026 17:28:00 +0530
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000...
More details.
Posted on Wed, 25 Mar 2026 17:22:00 +0530
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany...
More details.
Posted on Wed, 25 Mar 2026 17:04:00 +0530
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X...
More details.
Posted on Wed, 25 Mar 2026 12:41:00 +0530
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor...
More details.
Posted on Tue, 24 Mar 2026 23:51:00 +0530
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique...
More details.
Posted on Tue, 24 Mar 2026 22:35:00 +0530
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term...
More details.
Posted on Tue, 24 Mar 2026 22:06:05 +0530
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly...
More details.
Posted on Tue, 24 Mar 2026 22:05:00 +0530
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands...
More details.
Posted on Tue, 24 Mar 2026 17:31:00 +0530
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign...
More details.
Posted on Tue, 24 Mar 2026 17:30:00 +0530
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack...
More details.
Posted on Tue, 24 Mar 2026 16:08:00 +0530
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U...
More details.
Posted on Tue, 24 Mar 2026 12:19:00 +0530
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application...
More details.
Posted on Tue, 24 Mar 2026 11:29:00 +0530
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects...
More details.
Posted on Mon, 23 Mar 2026 23:39:00 +0530
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks...
More details.
Posted on Mon, 23 Mar 2026 18:44:00 +0530
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target...
More details.
Posted on Mon, 23 Mar 2026 17:25:00 +0530
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive...
More details.
Posted on Mon, 23 Mar 2026 16:25:00 +0530
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0...
More details.
Posted on Mon, 23 Mar 2026 14:01:00 +0530
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet...
More details.
Posted on Mon, 23 Mar 2026 11:45:00 +0530
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U...
More details.
Posted on Sat, 21 Mar 2026 18:47:00 +0530
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9...
More details.
Posted on Sat, 21 Mar 2026 15:54:00 +0530
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm...
More details.
Posted on Sat, 21 Mar 2026 13:55:00 +0530
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026...
More details.
Posted on Sat, 21 Mar 2026 13:55:00 +0530
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets....
More details.
Posted on Fri, 20 Mar 2026 23:17:00 +0530
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities...
More details.
Posted on Fri, 20 Mar 2026 20:45:00 +0530
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety...
More details.
Posted on Fri, 20 Mar 2026 16:27:00 +0530
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models...
More details.
Posted on Fri, 20 Mar 2026 15:30:00 +0530
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image...
More details.
Posted on Fri, 20 Mar 2026 15:00:00 +0530
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation...
More details.
Posted on Fri, 20 Mar 2026 11:55:00 +0530
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data...
More details.
Posted on Fri, 20 Mar 2026 10:46:00 +0530
Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously...
More details.
Posted on Fri, 20 Mar 2026 00:46:00 +0530
54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers...
More details.
Posted on Fri, 20 Mar 2026 00:22:00 +0530
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do...
More details.
Posted on Thu, 19 Mar 2026 19:55:00 +0530
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus...
More details.
Posted on Thu, 19 Mar 2026 18:13:00 +0530
How Ceros Gives Security Teams Visibility and Control in Claude Code
Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls...
More details.
Posted on Thu, 19 Mar 2026 16:28:00 +0530
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
A new exploit kit for Apple iOS devices designed to steal sensitive data has been wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout...
More details.
Posted on Thu, 19 Mar 2026 14:44:00 +0530
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild...
More details.
Posted on Thu, 19 Mar 2026 11:35:00 +0530
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U...
More details.
Posted on Wed, 18 Mar 2026 22:56:00 +0530
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software...
More details.
Posted on Wed, 18 Mar 2026 21:30:00 +0530
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges...
More details.
Posted on Wed, 18 Mar 2026 18:00:00 +0530
Claude Code Security and Magecart: Getting the Threat Model Right
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution begins...
More details.
Posted on Wed, 18 Mar 2026 17:28:00 +0530
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.
Posted on Wed, 31 Aug 2022 12:57:48 +0000
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.
Posted on Tue, 30 Aug 2022 16:00:43 +0000
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.
Posted on Mon, 29 Aug 2022 14:56:19 +0000
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.
Posted on Fri, 26 Aug 2022 16:44:27 +0000
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.
Posted on Thu, 25 Aug 2022 18:47:15 +0000
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.
Posted on Wed, 24 Aug 2022 14:17:04 +0000
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.
Posted on Tue, 23 Aug 2022 13:19:58 +0000
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.
Posted on Mon, 22 Aug 2022 13:59:06 +0000
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.
Posted on Fri, 19 Aug 2022 15:25:56 +0000
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.
Posted on Thu, 18 Aug 2022 14:31:38 +0000
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
More details.
Posted on Tue, 05 Aug 2025 18:00:42 +0000
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
More details.
Posted on Fri, 13 Dec 2024 12:04:08 +0000
Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
More details.
Posted on Mon, 02 Dec 2024 10:43:16 +0000
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
More details.
Posted on Mon, 02 Dec 2024 07:51:03 +0000
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
More details.
Posted on Fri, 29 Nov 2024 12:53:23 +0000
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
More details.
Posted on Fri, 29 Nov 2024 11:19:32 +0000
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
More details.
Posted on Tue, 26 Nov 2024 07:46:59 +0000
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
More details.
Posted on Mon, 28 Oct 2024 04:57:20 +0000
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
More details.
Posted on Mon, 28 Oct 2024 02:43:18 +0000
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
More details.
Posted on Fri, 25 Oct 2024 03:57:42 +0000
How to Prioritize Vulnerability Remediation (Without Losing Your Mind)
Running a vulnerability scan is easy. Treating every finding as urgent is not. This model helps teams prioritize real risk instead of chasing severity scores.
More details.
Posted on Tue, 10 Feb 2026 03:27:29 +0000
Don't Let Legacy Systems Write Your Headline
What came after a dramatic Louvre heist highlights the risks of leaving legacy technology untreated in your enterprise, and how to mitigate them before they make the news.
More details.
Posted on Tue, 11 Nov 2025 02:07:00 +0000
Venmo Privacy Settings 2026: Make All Payments Private in 60 Seconds
Step-by-step guide to changing your Venmo privacy settings, including how to make past transactions private and hide your public payment history. Updated for 2026.
More details.
Posted on Tue, 28 Oct 2025 14:03:00 +0000
June Is National Internet Safety Month: Where Did It Come From?
National Internet Safety Month was born in 2005 to raise awareness around growing online risks. Nearly 20 years later, its message is more relevant than ever. Here’s how it started—and why it still matters...
More details.
Posted on Thu, 12 Jun 2025 20:49:18 +0000
The 10-Minute Security Checkup Everyone Should Do This Weekend
Skip the cybersecurity overwhelm. This 10-minute weekend checklist covers the essential security tasks that actually matter—from software updates to MFA setup. No jargon, no scare tactics, just practical steps anyone can follow to lock down their digital life...
More details.
Posted on Sun, 01 Jun 2025 19:54:27 +0000
The Spy Who Applied to Code
Think fake job applicants are just awkward interviews and padded resumes? Think again. One North Korean operative nearly infiltrated a U.S. crypto firm by pretending to be a software engineer named “Steven Smith...
More details.
Posted on Mon, 05 May 2025 14:49:00 +0000
World Password Day
Passwords are still the leading cause of breaches, and most of us still treat them like an afterthought. This post breaks down where we’re going wrong, what’s finally getting better, and why passkeys might be our best shot at a password-free future...
More details.
Posted on Thu, 01 May 2025 15:10:56 +0000
10 Ways to Secure Your Laptop
Laptops are magnets for thieves, hackers, and nosy strangers on airplanes. This guide walks you through 10 smart ways to secure your laptop—physically, digitally, and privately—so your files stay safe, your data stays yours, and your webcam isn’t watching you back...
More details.
Posted on Mon, 28 Apr 2025 14:58:00 +0000
Quishing: Phishing Got a Glow-Up
Quishing is phishing’s slicker, sneakier cousin. It hides behind QR codes, shows up on flyers and parking meters, and tricks you into handing over your credentials, often before your coffee kicks in. Here’s how it works, who it’s targeting, and how to stop it...
More details.
Posted on Thu, 24 Apr 2025 14:46:00 +0000
Locking Down My Smart Thermostats Was a Nightmare (and What It Taught Me About IoT Security)
When I tried to lock down my smart thermostats, I discovered how hard it is to control what IoT devices connect to. Here’s what I learned—and why we need NetBOM.
More details.
Posted on Mon, 14 Apr 2025 14:13:00 +0000
Ransomware: Because Who Doesn’t Want to Be Held Hostage by Their Own Files?
Ransomware is no longer just a hacker’s side hustle—it’s big business. In this post, we break down what ransomware is, how it works, who it targets (on purpose and by accident), and what you can do to stay safe...
More details.
Posted on Wed, 09 Apr 2025 14:03:00 +0000
A Note on Our Domain Update
Between The Hacks has updated its default domain name to betweenthehacks.com. Everything is still here, but a few links might need attention. Learn more about this update and let us know if you spot any issues...
More details.
Posted on Fri, 04 Apr 2025 14:46:00 +0000
Passkeys: The Beginning of the End for Passwords
Still using passwords? It might be time to move on. Passkeys are a simpler, more secure way to log in—no typing, no phishing, no stress. In this post, I break down how passkeys work, why they matter, and how you can start using them today...
More details.
Posted on Thu, 03 Apr 2025 14:41:00 +0000
I Finally Segmented My Network… by Cutting the Ethernet Cable!
After years of preaching network segmentation, I took it to the next level—by physically disconnecting everything. Scissors, copper mesh, and a rotating SSID script. What could go wrong?
More details.
Posted on Tue, 01 Apr 2025 14:36:55 +0000
Unlimited Access: Every Device on Your Network Can Talk to the Internet
Most home devices can access the entire internet—and often each other. Segmentation helps, but without visibility into what your devices are doing, you’re still exposed.
More details.
Posted on Sun, 30 Mar 2025 20:32:00 +0000
If Troy Hunt Can Fall for Phishing, So Can You
Even cybersecurity experts fall for phishing attacks. When Troy Hunt, creator of Have I Been Pwned, clicked a malicious link and entered his credentials, it was a wake-up call for all of us. In this post, we break down what happened, why today’s phishing is more convincing than ever, and what you can do to protect yourself...
More details.
Posted on Fri, 28 Mar 2025 17:34:13 +0000
AI Magic: My Blog, LinkedIn, and a 7-Minute Podcast!
So, here’s something that blew my mind: I decided to test Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn page and my blog, not expecting much more than a basic summary. After...
More details.
Posted on Mon, 30 Sep 2024 17:01:00 +0000
A Birthday Party, a Cold War Cipher, and the RSA Stage
If you told me a year ago that I would meet a cold war hero at a birthday party, I wouldn’t have believed you. And I would be even more skeptical if you told me she would be an unintimidating, approachable music professor with an infectious smile...
More details.
Posted on Thu, 30 Jun 2022 00:39:31 +0000
NetBOM
NetBOM, short for Network Bill of Materials, is a concept I drafted to improve IoT and network security. This post explains how NetBOM works, what it includes, and how it supports Zero Trust strategies...
More details.
Posted on Tue, 28 Dec 2021 18:52:00 +0000
log4shell
UPDATED December 16, 2021 If you are reading this, you likely have heard about Log4Shell, the December, 2021 critical zero-day remote-code execution vulnerability in the popular Log4j software library that is developed and maintained by the Apache Software Foundation...
More details.
Posted on Tue, 14 Dec 2021 18:56:34 +0000
Shocking 12 Recent Major Cyber Attacks 2026 That Are Reshaping Global Security
The year 2026 has already witnessed an alarming rise in cybercrime activity worldwide. From large-scale ransomware incidents to sophisticated nation-state espionage campaigns, the recent major cyber attacks 2026 highlight a rapidly evolving digital threat landscape...
More details.
Posted on Wed, 18 Feb 2026 20:28:47 +0000
Linux Security in 2026: Threat Landscape, Trending Attacks, and How to Harden Your Servers
Linux underpins cloud infrastructure, containers, edge devices, and supercomputers — and while it’s long been regarded as a secure platform, attackers are increasingly focusing on its ubiquitous presence...
More details.
Posted on Wed, 28 Jan 2026 05:24:13 +0000
Safeguarding the Backbone of the Global Economy: OT/ICS Security in the Oil and Gas Industry
The oil and gas industry is an essential pillar of the global economy, enabling energy production, transportation, and storage that fuel every aspect of modern life. At the core of these operations lie Operational Technology (OT) and Industrial Control Systems (ICS), critical systems responsible for monitoring and controlling key industrial processes...
More details.
Posted on Sun, 12 Jan 2025 09:37:30 +0000
Detailed Guide to SOAR and SIEM
What Is SOAR? SOAR stands for Security Orchestration, Automation, and Response. It’s a cybersecurity tool designed to simplify and enhance the efficiency of IT teams by automating responses to various security threats...
More details.
Posted on Sun, 12 Jan 2025 09:20:49 +0000
What is a cyberattack?
Cyberattacks aim to damage or gain control or access to important documents and systems within a business or personal computer network. Cyberattacks are distributed by individuals or organizations for political, criminal, or personal intentions to destroy or gain access to classified information...
More details.
Posted on Wed, 30 Oct 2024 04:02:41 +0000
What is SIEM?
Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. SIEM, pronounced “sim,” combines both security information management (SIM) and security event management (SEM) into one security management system...
More details.
Posted on Tue, 29 Oct 2024 08:06:47 +0000
Cyber Security Operation Center Guidelines for best practices SOC Design
Cyber Security has become one of the most needed services for all businesses and industries in 2024. Every business is concerned about Cyber Security. Security operations (SecOps) leaders face a multifaceted challenge:...
More details.
Posted on Tue, 30 Jan 2024 16:32:57 +0000
HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001
ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001: Learn and get certified as a professional in implementation of the ISO 27001 standard through our self-paced interactive E-learning course, which comprises 4 modules...
More details.
Posted on Thu, 26 Jan 2023 11:21:59 +0000
YouTube disrupted in Pakistan as former PM Imran Khan streams speech
NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA)...
More details.
Posted on Mon, 22 Aug 2022 05:04:16 +0000
Recommendations for Parents about Cyber Bullying
Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior...
More details.
Posted on Wed, 20 Oct 2021 06:36:27 +0000
How mobile app analytics library led to the PII exposure
A mobile app was leaking personally identifiable information (PII) without anyone knowing. The source? A third-party analytics library. No one on the development team had changed anything. The configuration was untouched...
More details.
Posted on Fri, 25 Jul 2025 00:00:00 +0000
SBOM from the security perspective
The Software Bill of Materials (SBOM) is a promising approach for keeping an eye on the key elements of a software application, including libraries, dependencies, and frameworks...
More details.
Posted on Wed, 16 Oct 2024 00:00:00 +0000
Protecting ML models running on edge devices and mobile apps
ML models are unique combinations of data and algorithms that have been trained on massive volumes of data to provide answers, classify incoming data, and transform it...
More details.
Posted on Fri, 06 Sep 2024 00:00:00 +0000
Cossack Labs Mobile Security Score framework for mobile AppSec
The OWASP Mobile Application Security Verification Standard (MASVS) has been a valuable foundation for our mobile security engineering and assessments. This high-level guideline served us well for a long time, particularly with version 1...
More details.
Posted on Fri, 09 Aug 2024 00:00:00 +0000
Security autotests for measurable and stable application security processes
Software security development is a repeatable process, and some steps could be automated to free up the valuable time of security and software engineers...
More details.
Posted on Thu, 02 May 2024 00:00:00 +0000
Practical OAuth security guide for mobile applications
Security requires managing risks with smart and controllable solutions...
More details.
Posted on Fri, 29 Mar 2024 00:00:00 +0000
Security tips on using YubiKey and FIDO U2F
Designed for securing online accounts, FIDO U2F as a protocol and YubiKey as a hardware tool are not silver bullets. If not used wisely, this powerful combo becomes an attractive target in the hands of skilful attackers...
More details.
Posted on Fri, 22 Dec 2023 00:00:00 +0000
Flutter application security considerations
Fast and easy cross-platform application frameworks are promising, yet vulnerable to attacks. Is it possible to make the cross-platform mobile application development safe while avoiding security gaps? In this post we will focus on pros and cons of Flutter, compare it with other approaches to mobile app development, go deep into platform-specific security risks that developers are to be aware of, and finally offer fundamental mobile security recommendations to make your Flutter projects more secure...
More details.
Posted on Fri, 08 Dec 2023 00:00:00 +0000
Digital payment security: Architecture guide
Building secure digital payment solutions is a challenge when it comes to balancing between convenience and security. How can we build secure digital wallets that meet the needs of fintech users and effectively protect their assets? This blogpost is a part of the “Digital wallet security guides”: Read the articles Crypto wallets security as seen by security engineers, Exploring security vulnerabilities in NFC digital wallets, How to prevent digital wallet fraud...
More details.
Posted on Fri, 08 Sep 2023 00:00:00 +0000
How to prevent digital wallet fraud
Custodial or non-custodial cryptocurrency wallets, money transfer platforms, or banking mobile applications — regardless of their forms, digital wallets are expected to provide secure storage of users’ financial assets...
More details.
Posted on Thu, 13 Jul 2023 00:00:00 +0000
Exploring security vulnerabilities in NFC digital wallets
In recent years, we have been reviewing and improving the security of small near-field communication (NFC) devices: smart contactless cards, mobile digital wallets, specialised authentication devices, among others...
More details.
Posted on Thu, 23 Mar 2023 00:00:00 +0000
Smart contract security audit: tips & tricks
Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds. The smart contracts ecosystem is evolving rapidly, obtaining new development tools, practices, and vulnerabilities...
More details.
Posted on Tue, 13 Dec 2022 00:00:00 +0000
Introduction to automated security testing
Dangerous security bugs can sit in code until someone finds them and turns them into vulnerabilities that cost peace of mind, budget or lives. To avoid a disaster, security engineers and DevSecOps engineers do their best to find and prevent weaknesses in software in the earlier stages of development...
More details.
Posted on Wed, 17 Aug 2022 00:00:00 +0000
Cryptographic failures in RF encryption allow stealing robotic devices
Cryptographic failures in the wild: Many developers see security people as annoying creatures, always pointing out mistakes and criticizing incorrect decisions. A cryptographer is considered more malignant: they know math and can tell you actual probabilities of some of your failures...
More details.
Posted on Wed, 29 Jun 2022 00:00:00 +0000
Cossack Labs stands on guard for security of Ukrainian companies
This post has been updated to reflect the current status of our support for Ukraine. Keep calm and clean your machine gun. On the morning of February 24th, the Russian Federation attacked peaceful Ukraine and shifted the narrative for the whole 21st century...
More details.
Posted on Mon, 07 Mar 2022 00:00:00 +0000
React Native libraries: Security considerations
React Native is a cross-platform framework that allows developers to write native mobile applications using JavaScript. Supporting multiple platforms means dealing with each platform’s issue (React Native, iOS, Android)...
More details.
Posted on Tue, 15 Feb 2022 00:00:00 +0000
TLS certificate validation in Golang: CRL & OCSP examples
Most applications use TLS for data-in-transit encryption and every programming language has a TLS support in its ecosystem. TLS was introduced in 1999 based on SSL 3.0. It's quite an old protocol, but, what is more important, it's very complex...
More details.
Posted on Tue, 18 Jan 2022 00:00:00 +0200
Crypto wallets security as seen by security engineers
What can go wrong when you develop a “secure” crypto wallet? How to eliminate typical security mistakes and build a secure app with multilayered data protection against mnemonic leakage and transaction forgery? Cossack Labs security engineers were involved in improving the security of several large public blockchain ecosystems and their hot non-custodial crypto wallets...
More details.
Posted on Tue, 14 Dec 2021 00:00:00 +0200
Shared responsibility model in cloud security: mind the gap
Understanding cloud security: In this article, we observe security responsibility of cloud providers: where it ends, what are the gaps and grey areas, and what risks security teams should take into account when using “as a service” platforms...
More details.
Posted on Tue, 23 Mar 2021 00:00:00 +0000
React Native app security: Things to keep in mind
When developers choose to use React Native as a platform for their mobile apps, they think about the benefits of one codebase for two platforms, increased development speed and advantages of TypeScript...
More details.
Posted on Thu, 22 Oct 2020 00:00:00 +0000
Audit logs security: cryptographically signed tamper-proof logs
Logs, audit logs, and security events are must-have components of a secure system, which help to monitor ongoing behaviour and provide forensic evidence in case of an incident. Let’s cut through complexity...
More details.
Posted on Mon, 14 Sep 2020 00:00:00 +0000
How to build OpenSSL for Carthage iOS
This story is dedicated to fellow developers struggling with updating Carthage package with the latest OpenSSL for iOS and macOS apps. Here you will find the scripts, error messages, testing matrix, and our working solution for Themis to this no small feat...
More details.
Posted on Wed, 10 Jun 2020 00:00:00 +0000
OpenSSL for iOS: tricks of OpenSSL semver
OpenSSL complexity starts with its version string. Apple, Carthage, and some dependency analysis tools have different opinions about it. Here is how we dealt with them and submitted iOS app to the App Store...
More details.
Posted on Wed, 10 Jun 2020 00:00:00 +0000
PII Encryption Requirements. Cheatsheet
This article was initially published in November 2018, then reviewed and updated with the information regarding CCPA in April 2020. We frequently see how regulatory requirements are mapped onto real-world demands during the integration of our tools and security consulting projects...
More details.
Posted on Thu, 02 Apr 2020 00:00:00 +0000
Lift & Shift: cloud security strategy
When companies move their infrastructures into the cloud, provisioning resources and configuring them to emulate their initial infrastructure — a practice called “lift and shift” — or migrate the existing solutions from one platform to another, something inevitably migrates together with all the code and assets: their security assumptions...
More details.
Posted on Wed, 20 Nov 2019 00:00:00 +0000
How to prepare for data security issues
Understanding data security issues: The first thing that comes to mind when one thinks about security issues is typically some poorly written code that is prone to RCE, XSS, and similar attacks. But hardly anyone deliberately sets out with “I’m going to write some really bad, vulnerable code today!” intent in mind...
More details.
Posted on Mon, 28 Oct 2019 00:00:00 +0000
Implementing End-to-End encryption in Bear App
Bear with us! 🐻 The latest release of a popular note-taking app Bear contains a new feature — end-to-end encryption of user notes. Cossack Labs team worked closely with the amazing Bear team to help deliver this feature...
More details.
Posted on Thu, 05 Sep 2019 00:00:00 +0000
Secure search over encrypted data
More and more data is outsourced to remote (cloud) storage providers fuelled by “software as a service” trends in enterprise computing. Data owners want to be certain that their data is safe against thefts by outsiders, internal threats, and untrusted service providers alike...
More details.
Posted on Tue, 23 Jul 2019 00:00:00 +0000
Install Acra 1-Click App through DigitalOcean Marketplace
Cossack Labs has recently joined the DigitalOcean Marketplace family following our mission to make high-end security tools available to the general developer audience in a convenient fashion. Acra encryption suite is one of the first data security and encryption tools on DigitalOcean Marketplace and it is now available as 1-Click App running in DigitalOcean Droplet ...
More details.
Posted on Tue, 07 May 2019 00:00:00 +0000
Acra on DigitalOcean Marketplace
We always strive to make high-end security tools available to general developer audience in a convenient fashion. Only by making data security accessible, we can ensure real security of sensitive data everywhere...
More details.
Posted on Tue, 16 Apr 2019 00:00:00 +0000
Defense in depth security strategy based on data encryption
Any set of security controls deployed in your infrastructure may fail. Given enough pressure, some controls will certainly fail. No surprises here, but the question is – how to build our systems to make security incidents less damaging in case of a failure of some components? How to prevent data leaks even in case of a successful data breach? Building security tools, we strive towards defense in depth approach...
More details.
Posted on Thu, 04 Apr 2019 00:00:00 +0000
How to build an SQL Firewall
Building AcraCensor transparent SQL firewall There are two main ways to mitigate SQL injections: inside the app (using prepared statements, stored procedures, escaping) and outside the app (using Web Application Firewalls or SQL firewalls)...
More details.
Posted on Tue, 05 Mar 2019 00:00:00 +0000
How to prevent SQL injections when WAF’s not enough
Can WAF prevent SQL injection? What is the biggest threat to a tool that prevents unauthorised database access? Requests from the application side that trigger data leakage. Namely, SQL injections and other application attacks that allow attackers to craft custom SQL queries...
More details.
Posted on Wed, 13 Feb 2019 00:00:00 +0000
Blockchain & GDPR: dos and don’ts while achieving compliance
On blockchain and GDPR As cryptographers who develop data security tools that heavily involve cryptography (surprise surprise), we get asked a lot of questions about “crypto”. Unfortunately, not “cryptozoology”* crypto, but neither it is cryptography...
More details.
Posted on Tue, 22 Jan 2019 00:00:00 +0000
Thank You for Contributing and Using Themis in 2018
We believe that everyone should be able to create secure applications and protect users’ privacy. That’s why our main cryptographic components are open source and developer-friendly. But open-source would be nothing without external contributions and feedback from users...
More details.
Posted on Thu, 20 Dec 2018 00:00:00 +0000
Hiring External Security Team: What You Need to Know
In our company, we’ve succeeded in clearly articulating the deliverables of our products and consulting projects. Building a network of great partners and delegating the work out of range of our primary competencies to them helps both parties concentrate on what we’re best at...
More details.
Posted on Tue, 27 Nov 2018 00:00:00 +0000
How to Implement Tracing in a Modern Distributed Application
Distributed tracing is incredibly helpful during the integration and optimisation of microservice-rich software. Before implementing tracing as a publicly available feature in the latest version of Acra, we did a small research to catch up with current industry standards in tracing protocols and tools...
More details.
Posted on Thu, 22 Nov 2018 00:00:00 +0000
GDPR for software developers: implementing rights and security demands
A methodical software developer’s perspective on mapping privacy regulations to changes in the database structure, updates in DevOps practices, backups, and restricted processing. GDPR and software development After 2 years of fearful anticipation, GDPR is finally here, in full effect starting with May 25, 2018...
More details.
Posted on Thu, 20 Sep 2018 00:00:00 +0000
Poison Records in Acra – Database Honeypots for Intrusion Detection
Poison Records in Acra Intro When naming our special type of data containers created for raising an alarm within Acra-powered infrastructures, we were sure we’ve seen the term “poison records” used elsewhere in the same context...
More details.
Posted on Thu, 16 Aug 2018 00:00:00 +0000
Social Events of Spring-Summer 2018 for Cossack Labs
Late April through late June of 2018 was quite a hot time for the Cossack Labs team as we were actively developing our products, releasing feature after feature for Acra and Themis, and also participated in, spoke at, and hosted a number of conferences, meetups, and workshops...
More details.
Posted on Fri, 13 Jul 2018 00:00:00 +0000
How to reduce Docker image size (Example)
Need for Docker image reducing To provide convenient delivery and faster deployment of our tools, just like everybody else − we use Docker. This article describes our experience of using containers for distribution of our product Acra (database encryption suite) and focuses on the method we used to reduce the size of Docker images approximately by 62-64 times...
More details.
Posted on Tue, 29 May 2018 00:00:00 +0000
Moving to OpenSSL 1.1.0 — How We Did It
This article was published in 2018 about R&D work, which resulted in stable production release of Themis that now uses OpenSSL 1.1.1g. If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of OpenSSL...
More details.
Posted on Mon, 09 Apr 2018 00:00:00 +0000
2017 at Cossack Labs
Stats This was an eventful year for Cossack Labs! According to our GitHub stats, in 2017 we: made 1200 commits into master branches; merged 260 PRs; accumulated 444 new stars. Products and releases We picked a weird, but hopefully auspicious habit of releasing stuff on holidays or 13th days of the month (preferably Fridays :) or Mercury retrograde periods: Acra Acra’s public release took place on the 8th of March...
More details.
Posted on Fri, 29 Dec 2017 00:00:00 +0000
Happy Holidays from Cossack Labs!
Season’s greetings and all kinds of good things in the New Year! – With 🔒 from Cossack Labs!
More details.
Posted on Mon, 25 Dec 2017 00:00:00 +0000
Auditable Macros in C Code
Like death and taxes, one thing that you can be sure of is that using C macros in a modern software project will cause a debate. While for some macros remain a convenient and efficient way of achieving particular programming goals, for others they are opaque, introduce the unnecessary risk of coding errors, and reduce readability...
More details.
Posted on Thu, 23 Nov 2017 00:00:00 +0000
Replacing OpenSSL with Libsodium
This article was published in 2017 about R&D work, which resulted in stable production release of Themis. In our ongoing effort to make Themis work with different cryptographic backends, we've decided to try something more challenging than just displacing similar primitives...
More details.
Posted on Thu, 21 Sep 2017 00:00:00 +0000
Replacing OpenSSL with BoringSSL in a Complex Multi-Platform Layout
This article was published in 2017 about R&D work, which resulted in stable production release of Themis that uses BoringSSL as one of crypto-engines. If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of BoringSSL...
More details.
Posted on Tue, 11 Jul 2017 00:00:00 +0000
Importing with ctypes in Python: fighting overflows
On some cold winter night, we've decided to refactor a few examples and tests for Python wrapper in Themis, because things have to be not only efficient and useful, but elegant as well. One thing after another, and we ended up revamping Themis error codes a bit...
More details.
Posted on Mon, 06 Mar 2017 00:00:00 +0000
Plugging leaks in Go memory management
As many of you know, Go is an amazing modern programming language with automated memory management. We love Go: we've used it to build Acra, our database encryption suite, we further use it to build other products...
More details.
Posted on Tue, 28 Feb 2017 00:00:00 +0000
2016 at Cossack Labs
Bright and full of new 2016 year insensibly came to an end. Writing good software is hard: absorbed in developing our main products, closed a testing round of Acra (all hail the braves who dedicated an immense amount of time giving us feedback), we’ve spent most of the year undercover...
More details.
Posted on Fri, 30 Dec 2016 00:00:00 +0000
13 tips to enhance database and infrastructure security
Article updated in 2019. Previously in the series... Previously, we’ve talked about design patterns best practices in backend security, then about key management goals and techniques. It is important to understand that database security evolved with system administration techniques and programming demands, with cryptography and access controls being complementary features, rather than cornerstones...
More details.
Posted on Tue, 13 Dec 2016 00:00:00 +0000
Why making Internet safe is everyone’s responsibility
Responsibility is yours, mine, and that developer's in the office nearby. Open any tech news aggregator and chances are, one-third of all news will be security-related. What we are seeing right now is an insane rise in awareness of cyber security, dictated by security threats suddenly turning from looming on the horizon to dangerously close to anybody on the Internet...
More details.
Posted on Wed, 26 Oct 2016 00:00:00 +0000
Key management in data security: fundamentals
Key management in security system Frequently overlooked, much less hyped than quantum computers breaking trapdoor functions, managing keys is actually the most important part of building a security system...
More details.
Posted on Wed, 21 Sep 2016 00:00:00 +0000
Backend security: design patterns best practices
This article was revisited and updated in August 2018. In modern client-server applications, most of the sensitive data is stored (and consequently leaked) on the backend. At Cossack Labs, we’re working on novel techniques to protect the data within modern infrastructures...
More details.
Posted on Mon, 15 Aug 2016 00:00:00 +0000
Zero Knowledge Protocols without magic
When we’ve first released Secure Comparator to use in our Themis crypto library and started talking about novel authentication concepts, we’ve encountered a few common misconceptions and plenty of magical thinking about Zero-Knowledge Proofs as a phenomenon...
More details.
Posted on Wed, 27 Jul 2016 00:00:00 +0000
Perimeter security: avoiding disappointment, shame and despair
Perimeter security: looking back Over the years, the Internet has evolved, and complex systems facing the Internet have evolved too. Traditional security methodology to defend these systems was to build strong walls around your most valuable assets: build a castle and hope it stands against the external adversary...
More details.
Posted on Wed, 20 Jul 2016 00:00:00 +0000
Choose your Android crypto (Infographic)
Why do I even need to choose? Warning: This article borrows a lot from our original Choose your iOS Crypto publication, so if you've read that one, feel free to skip ahead to the libraries and ending notes about the actual Android specificities...
More details.
Posted on Mon, 23 May 2016 00:00:00 +0000
Building Sesto, in-browser password manager
Sesto (abbreviation for Secret Store) is open source passwords (and general secrets) manager for web. What sets Sesto apart from many other password managers is: it's web password manager, e...
More details.
Posted on Thu, 21 Apr 2016 00:00:00 +0000
Benchmarking Secure Comparator
When we conceived Secure Comparator, we saw that it is going to be slightly slower than existing authentication methods, because: SMP requires many more rounds of data exchange; each round involves expensive calculations; our modification of ed25519 implementation involves blinding to avoid timing attacks, which makes overall performance even slower. This is a consequence of different demands and different security guarantees Secure Comparator gives: let systems with zero shared information exchange requests to data, where request data itself is a leakage...
More details.
Posted on Thu, 07 Apr 2016 00:00:00 +0000
Crypto in iOS: Choose your destiny (Infographic)
Why do I even need to choose? When building your next app, you might realize that you need to encrypt the data. There are two main reasons for that: The need to transmit sensitive data to server and back; The need to store sensitive data...
More details.
Posted on Wed, 30 Mar 2016 00:00:00 +0000
Building secure end-to-end webchat with Themis
While developing components of our products, we love to explore use cases and usability through creating real-world test stands. 0fc is a side-product of WebThemis research: while doing some protocol design for front-end clients with WebThemis services, we wanted to try it in a real-world situation...
More details.
Posted on Thu, 17 Mar 2016 00:00:00 +0000
Building LibreSSL for PNaCl
While building WebThemis, we've encountered the need to build LibreSSL for PNaCl as a source of cryptographic primitives. The problem? LibreSSL has huge codebase with a lot of complicated code, that won't build on new platform out of the box...
More details.
Posted on Mon, 14 Mar 2016 00:00:00 +0000
Building and Using Themis in PNaCl
Intro Native Client (NaCl) allows browser applications to launch a native low-level code in an isolated environment. Thanks to this, some code, performance code parts can be rewritten in C or C++ easily...
More details.
Posted on Tue, 08 Mar 2016 00:00:00 +0000
What's wrong with Web Cryptography
Introduction: Building a full stack of cryptographic protection for modern applications includes working with the modern web browser, of course. However, through 20+ years of web browser history, we're at the stage where in-browser cryptography is still problematic, and the best you can rely on is SSL...
More details.
Posted on Thu, 03 Mar 2016 00:00:00 +0000
Fixing Secure Comparator
Introduction: The idea behind the Socialist Millionaire Protocol is to provide a definite answer to the question of whether two communicating parties possess the same secret or not, in a secure (zero-knowledge) manner...
More details.
Posted on Thu, 11 Feb 2016 00:00:00 +0000
Introducing Secure Comparator
A word to pass: Passwords are the ultimate keepers of security, extensively used in the 21st century's Internet. As more and more aspects of our lives become accessible online, the importance of keeping your passwords secure becomes crucial, because anybody knowing the password may access your accounts...
More details.
Posted on Wed, 09 Dec 2015 00:00:00 +0000
Why we need novel authentication schemes?
Introduction: A Word To Pass. Before introducing our novel request authentication scheme in Themis, we’ve decided to create an overview of the existing methods of authentication and try to look into what the future might bring us...
More details.
Posted on Thu, 26 Nov 2015 00:00:00 +0000
WeakDH/LogJam vs Secure Session
Intro: After the LogJam vulnerability was published, and then the WeakDH paper (Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice) was published, we were asked a few times: since Secure Session uses Diffie-Hellman key negotiation, is it prone to the same attacks? We wrote this small note to explain why we are safe from such attacks, and how decisions about such important security features are generally made for the open source Themis crypto library...
More details.
Posted on Fri, 20 Nov 2015 00:00:00 +0000
Armoring ed25519 to meet extended security challenges
This article was revisited and updated in October 2018. Introduction: We strive to use the best state-of-the-art cryptography for our library Themis. So when we wanted to implement an important novel feature, Secure Comparator (which includes the so-called "Socialist Millionaire Protocol"), we needed to replace the prime-field modular arithmetic with something stronger...
More details.
Posted on Wed, 18 Nov 2015 00:00:00 +0000
Why you should avoid SSL for your next application
Introduction. 2018 update: This article was 4 years old, and even then presented a disputable opinion. Many things have changed since then: we now have TLS 1.3, which eliminates a number of cryptographic concerns and enforces correct uses...
More details.
Posted on Wed, 28 Oct 2015 00:00:00 +0000
Building encrypted chat service with Themis and mobile websocket example
Introduction: Imagine you'd like to build your own chat server, which allows clients to exchange messages safely. You have a simple infrastructure consisting of a server written in Ruby and clients for iOS and Android...
More details.
Posted on Thu, 01 Oct 2015 00:00:00 +0000
Notes on adding cutting edge features
As we've stated in the past, the Themis library grew out of our own needs for a secure, efficient and convenient cryptographic library. While providing abstracted high-level services, Themis uses trusted, well established implementations of cryptographic primitives such as those provided by LibreSSL/OpenSSL or platform native cryptography providers...
More details.
Posted on Tue, 22 Sep 2015 00:00:00 +0000
Releasing Themis into public: usability testing
How we did usability testing for Themis when releasing the open source library into public. When we were ready to release Themis, we've gathered a few colleagues and decided to make a test run on unsuspecting developers - how would the library blend into their workflows? 1...
More details.
Posted on Wed, 03 Jun 2015 00:00:00 +0000
Cybersecurity Professional Standards
Discover how unified cybersecurity professional standards and the UK Cyber Security Council are redefining trust, talent, and resilience in finance.
More details.
Posted on Tue, 29 Jul 2025 11:41:52 +0000
TLPT: Threat Led Penetration Testing Explained
Discover how TLPT (threat led penetration testing) helps organizations validate defenses against real-world cyber threats. Learn who needs threat led pentesting, what drives demand, and how it differs from red teaming and classic pentesting...
More details.
Posted on Fri, 20 Jun 2025 08:00:00 +0000
EUVD Vulnerability Database: Europe’s Answer to CVE Instability
The EUVD marks a strategic shift in vulnerability management, offering a transparent and sovereign alternative to the U.S.-centric CVE system—backed by EU law.
More details.
Posted on Wed, 14 May 2025 09:11:06 +0000
Cyber Incident Response Tips for Small Businesses
Learn how small businesses can build cyber incident response plans by adapting practical strategies from the UK’s “Cyber Incident Grab Bag.”
More details.
Posted on Sat, 03 May 2025 14:06:58 +0000
CVE Under Threat: What You Need to Know
MITRE’s CVE contract expired on April 16, putting global vulnerability tracking at risk. Learn what’s happening and how the security community is responding.
More details.
Posted on Wed, 16 Apr 2025 15:01:36 +0000
Unforgivable Software Vulnerabilities
Some software vulnerabilities are unforgivable—easy to find, easy to fix, and never should’ve existed. Here’s how to spot and prevent them.
More details.
Posted on Fri, 04 Apr 2025 14:27:14 +0000
Preventing Crypto Exchange Hacks: Lessons from Bybit Heist
Bybit lost $1.4B in a North Korean hack via malware, fake UI, and blind signing. Learn key security strategies to protect exchanges from cyber threats!
More details.
Posted on Wed, 26 Feb 2025 09:27:46 +0000
Cyber Defense Using Cyber Kill Chain and MITRE ATT&CK Explained
Learn how the Cyber Kill Chain and MITRE ATT&CK Framework enhance security by identifying, detecting, and responding to cyber threats effectively.
More details.
Posted on Thu, 06 Feb 2025 13:41:48 +0000
The Future of Authentication: Passkeys vs Passwords and 2FA
Passkeys replace passwords with secure, easy logins using biometrics and cryptography, eliminating phishing, breaches, and 2FA issues.
More details.
Posted on Wed, 22 Jan 2025 09:22:47 +0000
Lessons from 2024’s Worst Cyberattacks and How to Stay Secure
Analyzing 2024’s biggest cyberattacks: breaches, vulnerabilities exploited, and actionable steps to strengthen defenses for 2025.
More details.
Posted on Mon, 13 Jan 2025 21:47:29 +0000