Latest news about information security vulnerabilities, threats, incidents and events
Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil.
The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit...
More details.
Posted on Thu, 08 Jan 2026 22:40:00 +0530
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe.
The activity cluster, which has been active since...
More details.
Posted on Thu, 08 Jan 2026 20:24:00 +0530
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in...
More details.
Posted on Thu, 08 Jan 2026 18:19:00 +0530
The State of Trusted Open Source
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing...
More details.
Posted on Thu, 08 Jan 2026 17:20:00 +0530
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4...
More details.
Posted on Thu, 08 Jan 2026 16:14:00 +0530
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.
The names of the packages, all of which were taken down as of November 2025, are listed below...
More details.
Posted on Thu, 08 Jan 2026 16:01:00 +0530
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution...
More details.
Posted on Thu, 08 Jan 2026 15:23:00 +0530
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls
Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health.
To that end,...
More details.
Posted on Thu, 08 Jan 2026 12:27:00 +0530
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation...
More details.
Posted on Thu, 08 Jan 2026 10:22:00 +0530
Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators
Security teams are still catching malware. The problem is what they're not catching.
More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts...
More details.
Posted on Wed, 07 Jan 2026 22:49:00 +0530
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches
A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data...
More details.
Posted on Wed, 07 Jan 2026 22:39:00 +0530
Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances...
More details.
Posted on Wed, 07 Jan 2026 19:18:00 +0530
n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE).
The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10...
More details.
Posted on Wed, 07 Jan 2026 16:56:00 +0530
The Future of Cybersecurity Includes Non-Human Employees
Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation scripts...
More details.
Posted on Wed, 07 Jan 2026 16:30:00 +0530
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a "critical" issue that could result in remote code execution (RCE).
The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9...
More details.
Posted on Wed, 07 Jan 2026 16:11:00 +0530
Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally...
More details.
Posted on Wed, 07 Jan 2026 15:12:00 +0530
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg...
More details.
Posted on Wed, 07 Jan 2026 10:01:00 +0530
Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control...
More details.
Posted on Tue, 06 Jan 2026 22:51:00 +0530
Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover
The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device...
More details.
Posted on Tue, 06 Jan 2026 21:17:00 +0530
Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat
Source: Securonix
Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector...
More details.
Posted on Tue, 06 Jan 2026 17:43:00 +0530
What is Identity Dark Matter?
The Invisible Half of the Identity Universe
Identity used to live in one place - an LDAP directory, an HR system, a single IAM portal.
Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications...
More details.
Posted on Tue, 06 Jan 2026 17:00:00 +0530
VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX
Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names...
More details.
Posted on Tue, 06 Jan 2026 16:55:00 +0530
New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands
A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host...
More details.
Posted on Tue, 06 Jan 2026 10:38:00 +0530
Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers
Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server...
More details.
Posted on Tue, 06 Jan 2026 09:00:00 +0530
Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government
The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives.
"This...
More details.
Posted on Mon, 05 Jan 2026 23:26:00 +0530
Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient.
"Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality," the company said in an analysis published last week...
More details.
Posted on Mon, 05 Jan 2026 22:11:00 +0530
⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More
The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit...
More details.
Posted on Mon, 05 Jan 2026 18:23:00 +0530
The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations
Featuring:
Cybersecurity is being reshaped by forces that extend beyond individual threats or tools. As organizations operate across cloud infrastructure, distributed endpoints, and complex supply chains, security has shifted from a collection of point solutions to a question of architecture, trust, and execution speed...
More details.
Posted on Mon, 05 Jan 2026 17:25:00 +0530
Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act
Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early...
More details.
Posted on Mon, 05 Jan 2026 15:12:00 +0530
New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code
Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and tokens...
More details.
Posted on Mon, 05 Jan 2026 13:18:00 +0530
Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia
The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts...
More details.
Posted on Fri, 02 Jan 2026 19:22:00 +0530
The ROI Problem in Attack Surface Management
Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.
Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up...
More details.
Posted on Fri, 02 Jan 2026 17:00:00 +0530
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign
Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails...
More details.
Posted on Fri, 02 Jan 2026 14:44:00 +0530
ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories
The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions...
More details.
Posted on Thu, 01 Jan 2026 21:22:00 +0530
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox...
More details.
Posted on Thu, 01 Jan 2026 14:49:00 +0530
How To Browse Faster and Get More Done Using Adapt Browser
As web browsers evolve into all-purpose platforms, performance and productivity often suffer.
Feature overload, excessive background processes, and fragmented workflows can slow down browsing sessions and introduce unnecessary friction, especially for users who rely on the browser as a primary work environment...
More details.
Posted on Thu, 01 Jan 2026 11:17:00 +0530
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8...
More details.
Posted on Wed, 31 Dec 2025 21:59:00 +0530
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox...
More details.
Posted on Wed, 31 Dec 2025 21:44:00 +0530
Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10...
More details.
Posted on Wed, 31 Dec 2025 19:07:00 +0530
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month.
The npm package that embeds the novel Shai Hulud strain is "@vietmoney/react-big-calendar," which was uploaded to npm back in March 2021 by a user named "hoquocdat...
More details.
Posted on Wed, 31 Dec 2025 18:59:00 +0530
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list...
More details.
Posted on Wed, 31 Dec 2025 10:47:00 +0530
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution...
More details.
Posted on Tue, 30 Dec 2025 21:58:00 +0530
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0).
"This...
More details.
Posted on Tue, 30 Dec 2025 16:16:00 +0530
How to Integrate AI into Modern SOC Workflows
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration...
More details.
Posted on Tue, 30 Dec 2025 15:00:00 +0530
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
The Chinese hacking group known as Mustang Panda (aka HoneyMyte) has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia...
More details.
Posted on Tue, 30 Dec 2025 14:05:00 +0530
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced...
More details.
Posted on Mon, 29 Dec 2025 19:08:00 +0530
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world.
The vulnerability in question is CVE-2025-14847 (CVSS score: 8...
More details.
Posted on Mon, 29 Dec 2025 15:16:00 +0530
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft...
More details.
Posted on Mon, 29 Dec 2025 15:14:00 +0530
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials...
More details.
Posted on Mon, 29 Dec 2025 12:04:00 +0530
New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory.
The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has...
More details.
Posted on Sat, 27 Dec 2025 13:22:00 +0530
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.
Posted on Wed, 31 Aug 2022 12:57:48 +0000
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.
Posted on Tue, 30 Aug 2022 16:00:43 +0000
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.
Posted on Mon, 29 Aug 2022 14:56:19 +0000
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.
Posted on Fri, 26 Aug 2022 16:44:27 +0000
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.
Posted on Thu, 25 Aug 2022 18:47:15 +0000
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.
Posted on Wed, 24 Aug 2022 14:17:04 +0000
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.
Posted on Tue, 23 Aug 2022 13:19:58 +0000
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.
Posted on Mon, 22 Aug 2022 13:59:06 +0000
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.
Posted on Fri, 19 Aug 2022 15:25:56 +0000
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.
Posted on Thu, 18 Aug 2022 14:31:38 +0000
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
More details.
Posted on Tue, 05 Aug 2025 18:00:42 +0000
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat ...
More details.
Posted on Fri, 13 Dec 2024 12:04:08 +0000
Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
More details.
Posted on Mon, 02 Dec 2024 10:43:16 +0000
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat ...
More details.
Posted on Mon, 02 Dec 2024 07:51:03 +0000
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
More details.
Posted on Fri, 29 Nov 2024 12:53:23 +0000
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
More details.
Posted on Fri, 29 Nov 2024 11:19:32 +0000
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
More details.
Posted on Tue, 26 Nov 2024 07:46:59 +0000
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
More details.
Posted on Mon, 28 Oct 2024 04:57:20 +0000
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
More details.
Posted on Mon, 28 Oct 2024 02:43:18 +0000
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat ...
More details.
Posted on Fri, 25 Oct 2024 03:57:42 +0000
A Note on Our Domain Update
Between The Hacks has updated its default domain name to
betweenthehacks.com. Everything is still here, but a few links might need
attention. Learn more about this update and let us know if you spot any
issues...
More details.
Posted on Fri, 04 Apr 2025 14:46:00 +0000
Passkeys: The Beginning of the End for Passwords
Still using passwords? It might be time to move on.
Passkeys are a simpler, more secure way to log in—no typing, no
phishing, no stress. In this post, I break down how passkeys work, why
they matter, and how you can start using them today...
More details.
Posted on Thu, 03 Apr 2025 14:41:00 +0000
I Finally Segmented My Network… by Cutting the Ethernet Cable!
After years of preaching network segmentation, I took it to the next
level—by physically disconnecting everything. Scissors, copper mesh,
and a rotating SSID script. What could go wrong?
More details.
Posted on Tue, 01 Apr 2025 14:36:55 +0000
Unlimited Access: Every Device on Your Network Can Talk to the Internet
Most home devices can access the entire internet—and often each other.
Segmentation helps, but without visibility into what your devices are
doing, you’re still exposed.
More details.
Posted on Sun, 30 Mar 2025 20:32:00 +0000
If Troy Hunt Can Fall for Phishing, So Can You
Even cybersecurity experts fall for phishing attacks. When Troy Hunt,
creator of Have I Been Pwned, clicked a malicious link and entered his
credentials, it was a wake-up call for all of us. In this post, we break
down what happened, why today’s phishing is more convincing than ever, and
what you can do to protect yourself...
More details.
Posted on Fri, 28 Mar 2025 17:34:13 +0000
AI Magic: My Blog, LinkedIn, and a 7-Minute Podcast!
So, here’s something that blew my mind: I decided to test
Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn
page and my blog, not expecting much more than a basic summary...
More details.
Posted on Mon, 30 Sep 2024 17:01:00 +0000
How I Introduced the Cybersecurity World to a Cold War Hero
If you told me a year ago that I would meet a cold war hero at a birthday
party, I wouldn’t have believed you. And I would be even more skeptical if
you told me she would be an unintimidating, approachable music professor
with an infectious smile...
More details.
Posted on Thu, 30 Jun 2022 00:39:31 +0000
log4shell
UPDATED December 16, 2021
If you are reading this, you likely have heard about Log4Shell, the
December, 2021 critical zero-day remote-code execution vulnerability in the
popular Log4j software library that is developed and maintained by the
Apache Software Foundation...
More details.
Posted on Tue, 14 Dec 2021 18:56:34 +0000
Hacking Humble Bundle
Last year, Humble Bundle teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking ebooks for as little as one
dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks...
More details.
Posted on Tue, 30 Nov 2021 17:11:00 +0000
Cybersecurity Awareness Month 2021
October is Cybersecurity Awareness Month and Breast Cancer Awareness Month.
Since this is a cybersecurity blog, we will focus on cybersecurity but
let’s take a moment to talk about the important topic of breast cancer...
More details.
Posted on Fri, 01 Oct 2021 16:58:53 +0000
Colonial Pipeline: Lessons Learned
The Colonial Pipeline ransomware attack took down the largest fuel pipeline
in the United States and resulted in consumer hoarding of fuel and a
short-term shortage of gasoline on the east coast of the U...
More details.
Posted on Fri, 04 Jun 2021 21:23:00 +0000
President Biden's Cybersecurity Executive Order
Aiming to improve cybersecurity in the United States, President Biden
signed an executive order (EO) on May 12, 2021. Although the EO focuses on
U.S. federal departments’ and agencies’ cybersecurity, it will likely
result in standards that will change the way the private sector manages
cybersecurity within the United States and globally...
More details.
Posted on Fri, 28 May 2021 19:08:00 +0000
World Password Day - May 6, 2021
It’s World Password Day!
Are your passwords strong enough?
Do you have a long, unique password for every account?
Do you use multi-factor authentication where available?
If you answered, “no”...
More details.
Posted on Thu, 06 May 2021 13:30:00 +0000
Facebook Leak Leads To Smishing
I have always considered myself pretty lucky in that I rarely receive
fraudulent text messages. That luck recently ran out. Over the past few
weeks I have noticed an uptick in the number of SMS phishing (smishing)
messages that I receive on my phone...
More details.
Posted on Mon, 05 Apr 2021 14:42:00 +0000
2021 Cybersecurity Report Roundup
Annual cybersecurity reports are a rich resource of statistics and
information for cybersecurity professionals, academics, journalists and
anyone who is interested in cybersecurity. Below is a categorized...
More details.
Posted on Fri, 02 Apr 2021 12:27:00 +0000
2021 Top Cybersecurity Leaders
The March 2021 issue of Security magazine, partnering with (ISC)2, featured
their inaugural list of the Top Cybersecurity Leaders for 2021. As the
author of this blog, I am both humbled and honored, to not only be part of
the inaugural team, but also to be recognized with these accomplished
cybersecurity professionals...
More details.
Posted on Sun, 07 Mar 2021 19:54:37 +0000
ILoveYou.txt.vbs
Since today is known for love, let’s look back 21 years to one of the more
destructive, costly and famous viruses in history. The “ILoveYou” worm,
also known as the “Love Bug” or “Love Letter For You” infected more than
ten million Windows computers, beginning on May 5, 2000...
More details.
Posted on Sun, 14 Feb 2021 19:36:17 +0000
Safer Internet Day 2021
Tuesday, February 9th, 2021, marks the 18th edition of Safer Internet Day
with the theme "Together for a better Internet." Safer Internet Day (SID)
started as an EU SafeBorders project in 2004 and is now celebrated in
approximately 170 countries worldwide...
More details.
Posted on Tue, 09 Feb 2021 16:00:00 +0000
Happy New Year!
2020 was a difficult year and Between The Hacks wants to congratulate
everyone who pulled through the challenges. We have all lived through a
year that delivered a global pandemic, civil unrest, and...
More details.
Posted on Thu, 31 Dec 2020 20:58:00 +0000
Merry Christmas & Happy Holidays
Merry Christmas and Happy Holidays from Between The Hacks!
Whether you celebrate Christmas, Hanukkah, Kwanza or Festivus, we hope you
and your family are doing well, staying healthy and surviving 20...
More details.
Posted on Fri, 25 Dec 2020 02:51:00 +0000
Safeguarding the Backbone of the Global Economy: OT/ICS Security in the Oil and Gas Industry
The oil and gas industry is an essential pillar of the global economy, enabling energy production, transportation, and storage that fuel every aspect of modern life. At the core of these operations lie Operational Technology (OT) and Industrial Control Systems (ICS), critical systems responsible for monitoring and controlling key industrial processes...
More details.
Posted on Sun, 12 Jan 2025 09:37:30 +0000
Detailed Guide to SOAR and SIEM
What Is SOAR? SOAR stands for Security Orchestration, Automation, and Response. It’s a cybersecurity tool designed to simplify and enhance the efficiency of IT teams by automating responses to various security threats...
More details.
Posted on Sun, 12 Jan 2025 09:20:49 +0000
What is a cyberattack?
What is a cyberattack? Cyberattacks aim to damage or gain control or access to important documents and systems within a business or personal computer network. Cyberattacks are distributed by individuals or organizations for political, criminal, or personal intentions to destroy or gain access to classified information...
More details.
Posted on Wed, 30 Oct 2024 04:02:41 +0000
What is SIEM ?
Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. SIEM, pronounced “sim,” combines both security information management (SIM) and security event management (SEM) into one security management system...
More details.
Posted on Tue, 29 Oct 2024 08:06:47 +0000
Cyber Security Operation Center Guidelines for best practices SOC Design
Cyber Security is become most needed services for all business and industries in 2024. Every business is concerned about Cyber Security. Security operations (SecOps) leaders face a multifaceted challenge:...
More details.
Posted on Tue, 30 Jan 2024 16:32:57 +0000
HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001
ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001 Learn and get certified as a professional in implementation of ISO 27001 standard through our self-paced E-learning interactive course which comprises of 4 modules...
More details.
Posted on Thu, 26 Jan 2023 11:21:59 +0000
YouTube disrupted in Pakistan as former PM Imran Khan streams speech
NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA)...
More details.
Posted on Mon, 22 Aug 2022 05:04:16 +0000
Recommendations for Parents about Cyber Bullying
Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior...
More details.
Posted on Wed, 20 Oct 2021 06:36:27 +0000
WhatsApp, Facebook, Instagram server down in Pakistan?
Facebook-owned social media platforms, WhatsApp, Facebook, and Instagram are facing a worldwide outage, according to Downdetector, which offers real-time status and outage information for all kinds of services...
More details.
Posted on Mon, 04 Oct 2021 17:32:57 +0000
Cloudflare reports record-breaking HTTP-request DDoS attack
Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17...
More details.
Posted on Sun, 22 Aug 2021 19:26:02 +0000
-
-
How mobile app analytics library led to the PII exposure
A mobile app was leaking personally identifiable information (PII) without anyone knowing. The source? A third-party analytics library. No one on the development team had changed anything. The configuration was untouched...
More details.
Posted on Fri, 25 Jul 2025 00:00:00 +0000
SBOM from the security perspective
Introduction The current situation with SBOMs Types of SBOMs Spotting weak dependencies SBOM and CRA Generating SBOMs: Different tools for different situations Manual SBOM generation GitHub SBOM Generator SBOM for Docker SBOM Benchmarks Inconsistencies in SBOM generation tools SBOMs in security context SBOMs are not accurate SBOMs can include vulnerabilities SBOMs can be signed SBOMs can include hash sums SBOMs’ hindered commercial adoption Data format compatibility issues Privacy concerns General problems of SBOM files Conclusion Introduction # The Software Bill of Materials (SBOM) is a promising approach for keeping an eye on the key elements of a software application, including libraries, dependencies, and frameworks...
More details.
Posted on Wed, 16 Oct 2024 00:00:00 +0000
Protecting ML models running on edge devices and mobile apps
Security challenges for Machine Learning models System architecture for delivering and executing ML models on edge device Risks and threats of running ML models in mobile apps Security defences for ML models ML model encryption Cloud and API protection Mobile application anti-tampering controls Proactive anti-fraud security measures Conclusion ML models are unique combinations of data and algorithms that have been trained on massive volumes of data to provide answers, classify incoming data, and transform it...
More details.
Posted on Fri, 06 Sep 2024 00:00:00 +0000
Cossack Labs Mobile Security Score framework for mobile AppSec
The OWASP Mobile Application Security Verification Standard (MASVS) has been a valuable foundation for our mobile security engineering and assessments. This high-level guideline served us well for a long time, particularly with version 1...
More details.
Posted on Fri, 09 Aug 2024 00:00:00 +0000
Security autotests for measurable and stable application security processes
Introduction The reason behind security autotests Security Autotests How to create security autotest Writing security autotest for validating response header Customising security autotests Security autotests: Fitting use cases Input validation Security Headers are present Verification session token after logout Ready-to-use templates for security autotests Summary Introduction # Software security development is a repeatable process, and some steps could be automated to free up the valuable time of security and software engineers...
More details.
Posted on Thu, 02 May 2024 00:00:00 +0000
Practical OAuth security guide for mobile applications
Intro OAuth: The key points Approach: Reviewing security of OAuth implementation in mobile app Understanding app authentication Intricate workflow behind app-based OAuth login Handling redirects back to the mobile app OAuth security improvement with PKCE CSRF attacks mitigation with “state” parameter Automation, automation, more automation Checklist: Security assessment of OAuth implementation Conclusion Intro # Security requires managing risks with smart and controllable solutions...
More details.
Posted on Fri, 29 Mar 2024 00:00:00 +0000
Security tips on using YubiKey and FIDO U2F
Designed for securing online accounts, FIDO U2F as a protocol and YubiKey as a hardware tool are not silver bullets. If not used wisely, this powerful combo becomes an attractive target in the hands of skilful attackers...
More details.
Posted on Fri, 22 Dec 2023 00:00:00 +0000
Flutter application security considerations
Fast and easy cross-platform application frameworks are promising, yet vulnerable to attacks. Is it possible to make the cross-platform mobile application development safe while avoiding security gaps?
In this post we will focus on pros and cons of Flutter, compare it with other approaches to mobile app development, go deep into platform-specific security risks that developers are to be aware of, and finally offer fundamental mobile security recommendations to make your Flutter projects more secure...
More details.
Posted on Fri, 08 Dec 2023 00:00:00 +0000
Digital payment security: Architecture guide
Building secure digital payment solutions is a challenge when it comes to balancing between convenience and security. How can we build secure digital wallets that meet the needs of fintech users and effectively protect their assets?
Intro Security paradox Balancing convenience and security in digital wallets Perception of security risk Reduce outrage and build a trustworthy digital wallet Digital payment security: Key risks and threats Risk profile and threat model Custodial & non-custodial, hot & cold, multisig wallets: Security benefits vs threats Addressing digital wallet security issues Clearly define your unique risk and threat profile Digital wallets: Addressing security risks Platform security API and backend security Supply chain security Monitoring transactions and addressing security incidents Treating problems systematically: Secure software development lifecycle Targeting specific risks relevant to digital wallets Key leakage and transaction fraud Deanonymisation Know Your Customer Anti Money Laundering Anti Fraud Systems Regulations and compliance Building trustworthy digital payment platforms Security failures in digital wallets Security incidents with custodial and non-custodial wallets Security incidents with banking apps Conclusions and lessons learnt This blogpost is a part of the “Digital wallet security guides”: Read the articles Crypto wallets security as seen by security engineers, Exploring security vulnerabilities in NFC digital wallets, How to prevent digital wallet fraud...
More details.
Posted on Fri, 08 Sep 2023 00:00:00 +0000
How to prevent digital wallet fraud
Custodial or non-custodial cryptocurrency wallets, money transfer platforms, or banking mobile applications — regardless of their forms, digital wallets are expected to provide secure storage of users’ financial assets...
More details.
Posted on Thu, 13 Jul 2023 00:00:00 +0000
Exploring security vulnerabilities in NFC digital wallets
In recent years, we have been reviewing and improving the security of small near-field communication (NFC) devices: smart contactless cards, mobile digital wallets, specialised authentication devices, among others...
More details.
Posted on Thu, 23 Mar 2023 00:00:00 +0000
Smart contract security audit: tips & tricks
Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds.
The smart contracts ecosystem is evolving rapidly, obtaining new development tools, practices, and vulnerabilities...
More details.
Posted on Tue, 13 Dec 2022 00:00:00 +0000
Introduction to automated security testing
Dangerous security bugs can sit in a code until someone finds them and turns into vulnerabilities that cost a piece of mind, budget or lives. To avoid a disaster, security engineers and DevSecOps engineers do their best to find and prevent weaknesses in software in the earlier stages of development...
More details.
Posted on Wed, 17 Aug 2022 00:00:00 +0000
Cryptographic failures in RF encryption allow stealing robotic devices
Cryptographic failures in the wild # Many developers see security people as annoying creatures, always pointing out mistakes and criticizing incorrect decisions. A cryptographer is considered more malignant: they know math and can tell you actual probabilities of some of your failures...
More details.
Posted on Wed, 29 Jun 2022 00:00:00 +0000
Cossack Labs stands on guard for security of Ukrainian companies
This post has been updated to reflect the current status of our support for Ukraine."
Keep calm and clean your machine gun.
On the morning of February 24th, the Russian Federation attacked peaceful Ukraine and shifted the narrative for the whole 21st century...
More details.
Posted on Mon, 07 Mar 2022 00:00:00 +0000
React Native libraries: Security considerations
React Native is a cross-platform framework that allows developers to write native mobile applications using JavaScript. Supporting multiple platforms means dealing with each platform’s issue (React Native, iOS, Android)...
More details.
Posted on Tue, 15 Feb 2022 00:00:00 +0000
TLS certificate validation in Golang: CRL & OCSP examples
Most applications use TLS for data-in-transit encryption and every programming language has a TLS support in its ecosystem. TLS was introduced in 1999 based on SSL 3.0. It's quite an old protocol, but, what is more important, it's very complex...
More details.
Posted on Tue, 18 Jan 2022 00:00:00 +0200
Crypto wallets security as seen by security engineers
What can go wrong when you develop a “secure” crypto wallet? How to eliminate typical security mistakes and build a secure app with multilayered data protection against mnemonic leakage and transaction forgery?
Cossack Labs security engineers were involved in improving the security of several large public blockchain ecosystems and their hot non-custodial crypto wallets...
More details.
Posted on Tue, 14 Dec 2021 00:00:00 +0200
Shared responsibility model in cloud security: mind the gap
Understanding cloud security # In this article, we observe security responsibility of cloud providers: where it ends, what are the gaps and grey areas, and what risks security teams should take into account when using “as a service” platforms...
More details.
Posted on Tue, 23 Mar 2021 00:00:00 +0000
React Native app security: Things to keep in mind
When developers choose to use React Native as a platform for their mobile apps, they think about the benefits of one codebase for two platforms, increased development speed and advantages of TypeScript...
More details.
Posted on Thu, 22 Oct 2020 00:00:00 +0000
Audit logs security: cryptographically signed tamper-proof logs
Logs, audit logs, and security events are must-have components of a secure system, which help to monitor ongoing behaviour and provide forensic evidence in case of an incident. Let’s cut through complexity...
More details.
Posted on Mon, 14 Sep 2020 00:00:00 +0000
How to build OpenSSL for Carthage iOS
This story is dedicated to fellow developers struggling with updating Carthage package with the latest OpenSSL for iOS and macOS apps. Here you will find the scripts, error messages, testing matrix, and our working solution for Themis to this no small feat...
More details.
Posted on Wed, 10 Jun 2020 00:00:00 +0000
OpenSSL for iOS: tricks of OpenSSL semver
OpenSSL complexity starts with its version string. Apple, Carthage, and some dependency analysis tools have different opinions about it. Here is how we dealt with them and submitted iOS app to the App Store...
More details.
Posted on Wed, 10 Jun 2020 00:00:00 +0000
PII Encryption Requirements. Cheatsheet
This article was initially published on November 2018, then reviewed and updated with the information regarding CCPA on April 2020.
We frequently see how regulatory requirements are mapped onto real-world demands during the integration of our tools and security consulting projects...
More details.
Posted on Thu, 02 Apr 2020 00:00:00 +0000
Lift & Shift: cloud security strategy
Intro # When companies move their infrastructures into the cloud, provisioning resources and configuring them to emulate their initial infrastructure — a practice called “lift and shift” — or migrate the existing solutions from one platform to another, something inevitably migrates together with all the code and assets: their security assumptions ...
More details.
Posted on Wed, 20 Nov 2019 00:00:00 +0000
How to prepare for data security issues
Understanding data security issues # The first thing that comes to mind when one thinks about security issues is typically some poorly written code that is prone to RCE, XSS, and similar attacks. But hardly anyone deliberately sets out with “I’m going to write some really bad, vulnerable code today!” intent in mind...
More details.
Posted on Mon, 28 Oct 2019 00:00:00 +0000
Implementing End-to-End encryption in Bear App
Bear with us! 🐻 # The latest release of a popular note-taking app Bear contains a new feature — end-to-end encryption of user notes. Cossack Labs team worked closely with the amazing Bear team to help deliver this feature...
More details.
Posted on Thu, 05 Sep 2019 00:00:00 +0000
Secure search over encrypted data
More and more data is outsourced to remote (cloud) storage providers fuelled by “software as a service” trends in enterprise computing. Data owners want to be certain that their data is safe against thefts by outsiders, internal threats, and untrusted service providers alike...
More details.
Posted on Tue, 23 Jul 2019 00:00:00 +0000
Install Acra 1-Click App through DigitalOcean Marketplace
Cossack Labs has recently joined the DigitalOcean Marketplace family following our mission to make high-end security tools available to the general developer audience in a convenient fashion. Acra encryption suite is one of the first data security and encryption tools on DigitalOcean Marketplace and it is now available as 1-Click App running in DigitalOcean Droplet ...
More details.
Posted on Tue, 07 May 2019 00:00:00 +0000
Acra on DigitalOcean Marketplace
We always strive to make high-end security tools available to general developer audience in a convenient fashion. Only by making data security accessible, we can ensure real security of sensitive data everywhere...
More details.
Posted on Tue, 16 Apr 2019 00:00:00 +0000
Defense in depth security strategy based on data encryption
Intro # Any set of security controls deployed in your infrastructure may fail. Given enough pressure, some controls will certainly fail. No surprises here, but the question is – how to build our systems to make security incidents less damaging in case of a failure of some components? How to prevent data leaks even in case of a successful data breach?
Building security tools , we strive towards defense in depth approach...
More details.
Posted on Thu, 04 Apr 2019 00:00:00 +0000
How to build an SQL Firewall
Building AcraCensor transparent SQL firewall There are two main ways to mitigate SQL injections: inside the app (using prepared statements, stored procedures, escaping) and outside the app (using Web Application Firewalls or SQL firewalls)...
More details.
Posted on Tue, 05 Mar 2019 00:00:00 +0000
How to prevent SQL injections when WAF’s not enough
Can WAF prevent SQL injection? What is the biggest threat to a tool that prevents unauthorised database access? Requests from the application side that trigger data leakage. Namely, SQL injections and other application attacks that allow attackers to craft custom SQL queries...
More details.
Posted on Wed, 13 Feb 2019 00:00:00 +0000
Blockchain & GDPR: dos and don’ts while achieving compliance
On blockchain and GDPR As cryptographers who develop data security tools that heavily involve cryptography (surprise surprise), we get asked a lot of questions about “crypto”. Unfortunately, not “cryptozoology”* crypto, but neither it is cryptography...
More details.
Posted on Tue, 22 Jan 2019 00:00:00 +0000
Thank You for Contributing and Using Themis in 2018
We believe that everyone should be able to create secure applications and protect users’ privacy. That’s why our main cryptographic components are open source and developer-friendly. But open-source would be nothing without external contributions and feedback from users...
More details.
Posted on Thu, 20 Dec 2018 00:00:00 +0000
Hiring External Security Team: What You Need to Know
In our company, we’ve succeeded in clearly articulating the deliverables of our products and consulting projects. Building a network of great partners and delegating the work out of range of our primary competencies to them helps both parties concentrate on what’s we’re best at...
More details.
Posted on Tue, 27 Nov 2018 00:00:00 +0000
How to Implement Tracing in a Modern Distributed Application
Distributed tracing is incredibly helpful during the integration and optimisation of microservice-rich software. Before implementing tracing as a publicly available feature in the latest version of Acra, we did a small research to catch up with current industry standards in tracing protocols and tools...
More details.
Posted on Thu, 22 Nov 2018 00:00:00 +0000
GDPR for software developers: implementing rights and security demands
A methodical software developer’s perspective on mapping privacy regulations to changes in the database structure, updates in DevOps practices, backups, and restricted processing.
GDPR and software development After 2 years of fearful anticipation, GDPR is finally here, in full effect starting with May 25, 2018...
More details.
Posted on Thu, 20 Sep 2018 00:00:00 +0000
Poison Records in Acra – Database Honeypots for Intrusion Detection
Poison Records in Acra Intro When naming our special type of data containers created for raising an alarm within Acra-powered infrastructures, we were sure we’ve seen the term “poison records” used elsewhere in the same context...
More details.
Posted on Thu, 16 Aug 2018 00:00:00 +0000
Social Events of Spring-Summer 2018 for Cossack Labs
Late April throughout late June of 2018 was quite a hot time for the Cossack Labs team as we were actively developing our products, releasing feature after feature for Acra and Themis and also participated, spoken at, and hosted a number of conferences, meetups, and workshops...
More details.
Posted on Fri, 13 Jul 2018 00:00:00 +0000
How to reduce Docker image size (Example)
Need for Docker image reducing To provide convenient delivery and faster deployment of our tools, just like everybody else − we use Docker. This article describes our experience of using containers for distribution of our product Acra (database encryption suite) and focuses on the method we used to reduce the size of Docker images approximately by 62-64 times...
More details.
Posted on Tue, 29 May 2018 00:00:00 +0000
Moving to OpenSSL 1.1.0 — How We Did It
This article was published in 2018 about R&D work, which resulted in stable production release of Themis that now uses OpenSSL 1.1.1g
If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of OpenSSL...
More details.
Posted on Mon, 09 Apr 2018 00:00:00 +0000
2017 at Cossack Labs
Stats This was an eventful year for Cossack Labs! According to our GitHub stats, in 2017 we:
made 1200 commits into master branches;
merged 260 PRs;
accumulated 444 new stars.
Products and releases We picked a weird, but hopefully auspicious habit of releasing stuff on holidays or 13th days of the month (preferably Fridays :) or Mercury retrograde periods:
Acra Acra’s public release took place on the 8th of March...
More details.
Posted on Fri, 29 Dec 2017 00:00:00 +0000
Happy Holidays from Cossack Labs!
Season’s greetings and all kinds of good things in the New Year!
– With 🔒 from Cossack Labs!
More details.
Posted on Mon, 25 Dec 2017 00:00:00 +0000
Auditable Macros in C Code
Intro Like death and taxes, one thing that you can be sure of is that using C macros in a modern software project will cause a debate. While for some macros remain a convenient and efficient way of achieving particular programming goals, for others they are opaque, introduce the unnecessary risk of coding errors, and reduce readability...
More details.
Posted on Thu, 23 Nov 2017 00:00:00 +0000
Replacing OpenSSL with Libsodium
This article was published in 2017 about R&D work, which resulted in stable production release of Themis.
Intro In our ongoing effort to make Themis work with different cryptographic backends, we've decided to try something more challenging than just displacing similar primitives...
More details.
Posted on Thu, 21 Sep 2017 00:00:00 +0000
Replacing OpenSSL with BoringSSL in a Complex Multi-Platform Layout
This article was published in 2017 about R&D work, which resulted in stable production release of Themis that uses BoringSSL as one of crypto-engines.
If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of BoringSSL...
More details.
Posted on Tue, 11 Jul 2017 00:00:00 +0000
Importing with ctypes in Python: fighting overflows
Introduction On some cold winter night, we've decided to refactor a few examples and tests for Python wrapper in Themis, because things have to be not only efficient and useful, but elegant as well...
More details.
Posted on Mon, 06 Mar 2017 00:00:00 +0000
Plugging leaks in Go memory management
Intro As many of you know, Go is an amazing modern programming language with automated memory management. We love Go: we've used it to build Acra, our database encryption suite, we further use it to build other products...
More details.
Posted on Tue, 28 Feb 2017 00:00:00 +0000
2016 at Cossack Labs
Bright and full of new 2016 year insensibly came to an end. Writing good software is hard: absorbed in developing our main products, closed a testing round of Acra (all hail the braves who dedicated an immense amount of time giving us feedback), we’ve spent most of the year undercover...
More details.
Posted on Fri, 30 Dec 2016 00:00:00 +0000
13 tips to enhance database and infrastructure security
Article updated in 2019.
Previously in the series... Previously, we’ve talked about design patterns best practices in backend security, then about key management goals and techniques.
It is important to understand that database security evolved with system administration techniques and programming demands, with cryptography and access controls being complementary features, rather than cornerstones...
More details.
Posted on Tue, 13 Dec 2016 00:00:00 +0000
Why making Internet safe is everyone’s responsibility
Responsibility is yours, mine, and that developer's in the office nearby. Open any tech news aggregator and chances are, one-third of all news will be security-related. What we are seeing right now is insane raise of awareness to cyber security, dictated by security threats suddenly turning looming on the horizon to dangerously close to anybody on the Internet...
More details.
Posted on Wed, 26 Oct 2016 00:00:00 +0000
Key management in data security: fundamentals
Key management in security system Frequently overlooked, much less hyped than quantum computers breaking trapdoor functions, managing keys is actually the most important part of building a security system...
More details.
Posted on Wed, 21 Sep 2016 00:00:00 +0000
Backend security: design patterns best practices
This article was revisited and updated in August 2018.
In modern client-server applications, most of the sensitive data is stored (and consequently leaked) on the backend. At Cossack Labs, we’re working on novel techniques to protect the data within modern infrastructures...
More details.
Posted on Mon, 15 Aug 2016 00:00:00 +0000
Zero Knowledge Protocols without magic
When we’ve first released Secure Comparator to use in our Themis crypto library and started talking about novel authentication concepts, we’ve encountered a few common misconceptions and plenty of magical thinking about Zero-Knowledge Proofs as a phenomenon...
More details.
Posted on Wed, 27 Jul 2016 00:00:00 +0000
Perimeter security: avoiding disappointment, shame and despair
Perimeter security: looking back Over the years, the Internet has evolved, and complex systems facing the Internet have evolved too.
Traditional security methodology to defend these systems was to build strong walls around your most valuable assets: build a castle and hope it stands against the external adversary...
More details.
Posted on Wed, 20 Jul 2016 00:00:00 +0000
Choose your Android crypto (Infographic)
Why do I even need to choose? Warning: This article borrows a lot from our original Choose your iOS Crypto publication, so if you've read that one, feel free to skip ahead to the libraries and ending notes about the actual Android specificities...
More details.
Posted on Mon, 23 May 2016 00:00:00 +0000
Building Sesto, in-browser password manager
Intro: what is Sesto Sesto (abbreviation for Secret Store) is open source passwords (and general secrets) manager for web.
What sets Sesto apart from many other password managers is:
it's web password manager, e...
More details.
Posted on Thu, 21 Apr 2016 00:00:00 +0000
Benchmarking Secure Comparator
When we conceived Secure Comparator, we saw that it is going to be slightly slower than existing authentication methods, because:
SMP requires much more rounds of data exchange
each round involves expensive calculations
our modification of ed25519 implementation involves blinding to avoid timing attacks, which makes overall performance even slower
This is a consequence of different demands and different security guarantees Secure Comparator gives: let systems with zero shared information exchange requests to data, where request data itself is a leakage...
More details.
Posted on Thu, 07 Apr 2016 00:00:00 +0000
Crypto in iOS: Choose your destiny (Infographic)
Why do I even need to choose? When building your next app, you might realize that you need to encrypt the data. There are two main reasons for that:
The need to transmit sensitive data to server and back;
The need to store sensitive data...
More details.
Posted on Wed, 30 Mar 2016 00:00:00 +0000
Building secure end-to-end webchat with Themis
Intro While developing components of our products, we love to explore use cases and usability through creating real-world test stands.
0fc is a side-product of WebThemis research: while doing some protocol design for front-end clients with WebThemis services, we wanted to try it in a real-world situation...
More details.
Posted on Thu, 17 Mar 2016 00:00:00 +0000
Building LibreSSL for PNaCl
Intro While building WebThemis, we've encountered the need to build LibreSSL for PNaCl as a source of cryptographic primitives.
The problem? LibreSSL has huge codebase with a lot of complicated code, that won't build on new platform out of the box...
More details.
Posted on Mon, 14 Mar 2016 00:00:00 +0000
Building and Using Themis in PNaCl
Intro Native Client (NaCl) allows browser applications to launch a native low-level code in an isolated environment. Thanks to this, some code, performance code parts can be rewritten in C or C++ easily...
More details.
Posted on Tue, 08 Mar 2016 00:00:00 +0000
What's wrong with Web Cryptography
Introduction Building full stack of cryptographic protection for modern applications includes working with the modern web browser, of course.
However, through 20+ years of history of web browsers, we're at the stage where in-browser cryptography is still problematic, and best you can rely on is SSL...
More details.
Posted on Thu, 03 Mar 2016 00:00:00 +0000
Fixing Secure Comparator
Introduction The idea behind Socialist Millionaire Protocol is to provide definite answer to the question whether two communicating parties possess the same secret or not in a secure (zero-knowledge) manner...
More details.
Posted on Thu, 11 Feb 2016 00:00:00 +0000
Introducing Secure Comparator
A word to pass Passwords are the ultimate keepers of security, extensively used in the 21st century's Internet. As more and more aspects of our lives become accessible online, the importance of keeping your passwords secure becomes crucial, because anybody knowing the password may access your accounts...
More details.
Posted on Wed, 09 Dec 2015 00:00:00 +0000
Why we need novel authentication schemes?
Introduction: A Word To Pass Before introducing our novel request authentication scheme in Themis, we’ve decided to create an overview of the existing methods of authentication and try to look into what the future might bring us...
More details.
Posted on Thu, 26 Nov 2015 00:00:00 +0000
WeakDH/LogJam vs Secure Session
Intro After LogJam vulnerability was published, and then the WeakDH paper (Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice) was published, we were asked a few times: since Secure Session uses Diffie-Hellman key negotiation, is prone to the same attacks?
We wrote this small note to explain why we are safe from such attacks, and how generally decisions about such important security features are being done for the open source Themis crypto library...
More details.
Posted on Fri, 20 Nov 2015 00:00:00 +0000
Armoring ed25519 to meet extended security challenges
This article was revisited and updated in October 2018.
Introduction We strive to use the best state-of-the-art cryptography for our library Themis. So when we wanted to implement an important novel feature Secure Comparator (that includes the so-called "Socialist Millionaire Protocol"), we needed to replace the prime-field modular arithmetic with something stronger...
More details.
Posted on Wed, 18 Nov 2015 00:00:00 +0000
Why you should avoid SSL for your next application
Introduction 2018 update: This article was 4 years old, and even then presented disputable opinion. Many things have changed since then, we're having TLS 1.3, which eliminates a number of cryptographic concerns and enforces correct uses...
More details.
Posted on Wed, 28 Oct 2015 00:00:00 +0000
Building encrypted chat service with Themis and mobile websocket example
Introduction Imagine you'd like to build your own chat server, which allows clients to exchange messages safely. You have a simple infrastructure consisting of a server written in Ruby and clients for iOS and Android...
More details.
Posted on Thu, 01 Oct 2015 00:00:00 +0000
Notes on adding cutting edge features
As we've stated in the past, the Themis library grew out of our own needs for a secure, efficient and convenient cryptographic library. While providing abstracted high-level services, Themis uses trusted, well established implementations of cryptographic primitives such as those provided by LibreSSL/OpenSSL or platform native cryptography providers...
More details.
Posted on Tue, 22 Sep 2015 00:00:00 +0000
Releasing Themis into public: usability testing
How we did usability testing for Themis when releasing the open source library into public.
When we were ready to release Themis, we've gathered a few colleagues and decided to make a test run on unsuspecting developers - how would the library blend into their workflows?
1...
More details.
Posted on Wed, 03 Jun 2015 00:00:00 +0000
Cybersecurity Professional Standards
Discover how unified cybersecurity professional standards and the UK Cyber Security Council are redefining trust, talent, and resilience in finance.
More details.
Posted on Tue, 29 Jul 2025 11:41:52 +0000
TLPT: Threat Led Penetration Testing Explained
Discover how TLPT (threat led penetration testing) helps organizations validate defenses against real-world cyber threats. Learn who needs threat led pentesting, what drives demand, and how it differs from red teaming and classic pentesting...
More details.
Posted on Fri, 20 Jun 2025 08:00:00 +0000
EUVD Vulnerability Database: Europe’s Answer to CVE Instability
The EUVD marks a strategic shift in vulnerability management, offering a transparent and sovereign alternative to the U.S.-centric CVE system—backed by EU law.
More details.
Posted on Wed, 14 May 2025 09:11:06 +0000
Cyber Incident Response Tips for Small Businesses
Learn how small businesses can build cyber incident response plans by adapting practical strategies from the UK’s “Cyber Incident Grab Bag.”
More details.
Posted on Sat, 03 May 2025 14:06:58 +0000
CVE Under Threat: What You Need to Know
MITRE’s CVE contract expired on April 16, putting global vulnerability tracking at risk. Learn what’s happening and how the security community is responding.
More details.
Posted on Wed, 16 Apr 2025 15:01:36 +0000
Unforgivable Software Vulnerabilities
Some software vulnerabilities are unforgivable—easy to find, easy to fix, and never should’ve existed. Here’s how to spot and prevent them.
More details.
Posted on Fri, 04 Apr 2025 14:27:14 +0000
Preventing Crypto Exchange Hacks: Lessons from Bybit Heist
Bybit lost $1.4B in a North Korean hack via malware, fake UI, and blind signing. Learn key security strategies to protect exchanges from cyber threats!
More details.
Posted on Wed, 26 Feb 2025 09:27:46 +0000
Cyber Defense Using Cyber Kill Chain and MITRE ATT&CK Explained
Learn how the Cyber Kill Chain and MITRE ATT&CK Framework enhance security by identifying, detecting, and responding to cyber threats effectively.
More details.
Posted on Thu, 06 Feb 2025 13:41:48 +0000
The Future of Authentication: Passkeys vs Passwords and 2FA
Passkeys replace passwords with secure, easy logins using biometrics and cryptography, eliminating phishing, breaches, and 2FA issues.
More details.
Posted on Wed, 22 Jan 2025 09:22:47 +0000
Lessons from 2024’s Worst Cyberattacks and How to Stay Secure
Analyzing 2024’s biggest cyberattacks: breaches, vulnerabilities exploited, and actionable steps to strengthen defenses for 2025.
More details.
Posted on Mon, 13 Jan 2025 21:47:29 +0000
What we do and what we offer.
About penetration tests and about our news.
