Latest news about information security vulnerabilities, threats, incidents and events
Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code.
Standard security tools often miss these threats because they look like normal activity...
More details.
Posted on Wed, 10 Dec 2025 17:24:00 +0530
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation...
More details.
Posted on Wed, 10 Dec 2025 17:24:00 +0530
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.
Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity...
More details.
Posted on Wed, 10 Dec 2025 14:20:00 +0530
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution.
The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature...
More details.
Posted on Wed, 10 Dec 2025 10:20:00 +0530
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT...
More details.
Posted on Tue, 09 Dec 2025 23:55:00 +0530
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model...
More details.
Posted on Tue, 09 Dec 2025 21:31:00 +0530
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks...
More details.
Posted on Tue, 09 Dec 2025 19:07:00 +0530
How to Streamline Zero Trust Using the Shared Signals Framework
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture...
More details.
Posted on Tue, 09 Dec 2025 17:00:00 +0530
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence (AI) capabilities to the web browser.
To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of exposure to untrusted web content and inflict harm...
More details.
Posted on Tue, 09 Dec 2025 16:44:00 +0530
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565.
Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025...
More details.
Posted on Tue, 09 Dec 2025 15:05:00 +0530
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware.
The VS Code extensions...
More details.
Posted on Tue, 09 Dec 2025 13:37:00 +0530
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT...
More details.
Posted on Mon, 08 Dec 2025 23:07:00 +0530
⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More
It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days...
More details.
Posted on Mon, 08 Dec 2025 18:14:00 +0530
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak shopping events, especially the weeks around Black Friday and Christmas...
More details.
Posted on Mon, 08 Dec 2025 17:28:00 +0530
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild.
The findings come from Intel 471, CYFIRMA, and Zimperium, respectively...
More details.
Posted on Mon, 08 Dec 2025 16:30:00 +0530
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.
The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9...
More details.
Posted on Mon, 08 Dec 2025 14:45:00 +0530
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes.
The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs...
More details.
Posted on Mon, 08 Dec 2025 12:16:00 +0530
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution...
More details.
Posted on Sat, 06 Dec 2025 20:54:00 +0530
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild...
More details.
Posted on Sat, 06 Dec 2025 17:10:00 +0530
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show...
More details.
Posted on Fri, 05 Dec 2025 23:23:00 +0530
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack.
The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity...
More details.
Posted on Fri, 05 Dec 2025 21:53:00 +0530
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge.
The vulnerability in question is CVE-2025-55182 (CVSS score: 10...
More details.
Posted on Fri, 05 Dec 2025 19:40:00 +0530
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware, Amnesty International said in a report...
More details.
Posted on Fri, 05 Dec 2025 17:17:00 +0530
"Getting to Yes": An Anti-Sales Guide for MSPs
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging...
More details.
Posted on Fri, 05 Dec 2025 17:00:00 +0530
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems...
More details.
Posted on Fri, 05 Dec 2025 13:44:00 +0530
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week.
The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025...
More details.
Posted on Fri, 05 Dec 2025 11:10:00 +0530
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China.
The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos 4...
More details.
Posted on Thu, 04 Dec 2025 22:55:00 +0530
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other...
More details.
Posted on Thu, 04 Dec 2025 17:28:00 +0530
5 Threats That Reshaped Web Security This Year [2025]
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies...
More details.
Posted on Thu, 04 Dec 2025 17:00:00 +0530
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services...
More details.
Posted on Thu, 04 Dec 2025 14:57:00 +0530
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps).
The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year...
More details.
Posted on Thu, 04 Dec 2025 12:22:00 +0530
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.
The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10...
More details.
Posted on Wed, 03 Dec 2025 23:49:00 +0530
Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country?
Those days are over.
Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers...
More details.
Posted on Wed, 03 Dec 2025 23:26:00 +0530
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch...
More details.
Posted on Wed, 03 Dec 2025 23:16:36 +0530
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild.
The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration...
More details.
Posted on Wed, 03 Dec 2025 22:38:00 +0530
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate via WhatsApp a worm that deploys a banking trojan in attacks targeting users in Brazil...
More details.
Posted on Wed, 03 Dec 2025 21:02:00 +0530
Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch...
More details.
Posted on Wed, 03 Dec 2025 15:26:00 +0530
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections...
More details.
Posted on Wed, 03 Dec 2025 15:00:00 +0530
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool...
More details.
Posted on Wed, 03 Dec 2025 14:09:00 +0530
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number...
More details.
Posted on Tue, 02 Dec 2025 23:16:00 +0530
Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division...
More details.
Posted on Tue, 02 Dec 2025 20:32:00 +0530
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue...
More details.
Posted on Tue, 02 Dec 2025 20:31:00 +0530
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners.
The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin...
More details.
Posted on Tue, 02 Dec 2025 19:47:00 +0530
Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper...
More details.
Posted on Tue, 02 Dec 2025 19:07:00 +0530
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities...
More details.
Posted on Tue, 02 Dec 2025 17:00:00 +0530
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.
The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison...
More details.
Posted on Tue, 02 Dec 2025 12:47:00 +0530
India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud
India's telecommunications ministry has ordered major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days.
According to a report from Reuters, the app cannot be deleted or disabled from users' devices...
More details.
Posted on Mon, 01 Dec 2025 23:25:00 +0530
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time.
Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report from Koi Security, attracting 300,000 installs...
More details.
Posted on Mon, 01 Dec 2025 22:59:00 +0530
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us...
More details.
Posted on Mon, 01 Dec 2025 18:17:00 +0530
Webinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams
The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges.
For the last two decades, whether you used Chrome, Edge, or Firefox, the fundamental paradigm remained the same: a passive window through which a human user viewed and interacted with the internet...
More details.
Posted on Mon, 01 Dec 2025 17:25:00 +0530
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.
Posted on Wed, 31 Aug 2022 12:57:48 +0000
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.
Posted on Tue, 30 Aug 2022 16:00:43 +0000
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.
Posted on Mon, 29 Aug 2022 14:56:19 +0000
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.
Posted on Fri, 26 Aug 2022 16:44:27 +0000
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.
Posted on Thu, 25 Aug 2022 18:47:15 +0000
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.
Posted on Wed, 24 Aug 2022 14:17:04 +0000
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.
Posted on Tue, 23 Aug 2022 13:19:58 +0000
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.
Posted on Mon, 22 Aug 2022 13:59:06 +0000
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.
Posted on Fri, 19 Aug 2022 15:25:56 +0000
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.
Posted on Thu, 18 Aug 2022 14:31:38 +0000
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
More details.
Posted on Tue, 05 Aug 2025 18:00:42 +0000
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat ...
More details.
Posted on Fri, 13 Dec 2024 12:04:08 +0000
Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
More details.
Posted on Mon, 02 Dec 2024 10:43:16 +0000
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat ...
More details.
Posted on Mon, 02 Dec 2024 07:51:03 +0000
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
More details.
Posted on Fri, 29 Nov 2024 12:53:23 +0000
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
More details.
Posted on Fri, 29 Nov 2024 11:19:32 +0000
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
More details.
Posted on Tue, 26 Nov 2024 07:46:59 +0000
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
More details.
Posted on Mon, 28 Oct 2024 04:57:20 +0000
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
More details.
Posted on Mon, 28 Oct 2024 02:43:18 +0000
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat ...
More details.
Posted on Fri, 25 Oct 2024 03:57:42 +0000
A Note on Our Domain Update
Between The Hacks has updated its default domain name to
betweenthehacks.com. Everything is still here, but a few links might need
attention. Learn more about this update and let us know if you spot any
issues...
More details.
Posted on Fri, 04 Apr 2025 14:46:00 +0000
Passkeys: The Beginning of the End for Passwords
Still using passwords? It might be time to move on.
Passkeys are a simpler, more secure way to log in—no typing, no
phishing, no stress. In this post, I break down how passkeys work, why
they matter, and how you can start using them today...
More details.
Posted on Thu, 03 Apr 2025 14:41:00 +0000
I Finally Segmented My Network… by Cutting the Ethernet Cable!
After years of preaching network segmentation, I took it to the next
level—by physically disconnecting everything. Scissors, copper mesh,
and a rotating SSID script. What could go wrong?
More details.
Posted on Tue, 01 Apr 2025 14:36:55 +0000
Unlimited Access: Every Device on Your Network Can Talk to the Internet
Most home devices can access the entire internet—and often each other.
Segmentation helps, but without visibility into what your devices are
doing, you’re still exposed.
More details.
Posted on Sun, 30 Mar 2025 20:32:00 +0000
If Troy Hunt Can Fall for Phishing, So Can You
Even cybersecurity experts fall for phishing attacks. When Troy Hunt,
creator of Have I Been Pwned, clicked a malicious link and entered his
credentials, it was a wake-up call for all of us. In this post, we break
down what happened, why today’s phishing is more convincing than ever, and
what you can do to protect yourself...
More details.
Posted on Fri, 28 Mar 2025 17:34:13 +0000
AI Magic: My Blog, LinkedIn, and a 7-Minute Podcast!
So, here’s something that blew my mind: I decided to test
Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn
page and my blog, not expecting much more than a basic summary...
More details.
Posted on Mon, 30 Sep 2024 17:01:00 +0000
How I Introduced the Cybersecurity World to a Cold War Hero
If you told me a year ago that I would meet a cold war hero at a birthday
party, I wouldn’t have believed you. And I would be even more skeptical if
you told me she would be an unintimidating, approachable music professor
with an infectious smile...
More details.
Posted on Thu, 30 Jun 2022 00:39:31 +0000
log4shell
UPDATED December 16, 2021
If you are reading this, you likely have heard about Log4Shell, the
December, 2021 critical zero-day remote-code execution vulnerability in the
popular Log4j software library that is developed and maintained by the
Apache Software Foundation...
More details.
Posted on Tue, 14 Dec 2021 18:56:34 +0000
Hacking Humble Bundle
Last year, Humble Bundle teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking ebooks for as little as one
dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks...
More details.
Posted on Tue, 30 Nov 2021 17:11:00 +0000
Cybersecurity Awareness Month 2021
October is Cybersecurity Awareness Month and Breast Cancer Awareness Month.
Since this is a cybersecurity blog, we will focus on cybersecurity but
let’s take a moment to talk about the important topic of breast cancer...
More details.
Posted on Fri, 01 Oct 2021 16:58:53 +0000
Colonial Pipeline: Lessons Learned
The Colonial Pipeline ransomware attack took down the largest fuel pipeline
in the United States and resulted in consumer hoarding of fuel and a
short-term shortage of gasoline on the east coast of the U...
More details.
Posted on Fri, 04 Jun 2021 21:23:00 +0000
President Biden's Cybersecurity Executive Order
Aiming to improve cybersecurity in the United States, President Biden
signed an executive order (EO) on May 12, 2021. Although the EO focuses on
U.S. federal departments’ and agencies’ cybersecurity, it will likely
result in standards that will change the way the private sector manages
cybersecurity within the United States and globally...
More details.
Posted on Fri, 28 May 2021 19:08:00 +0000
World Password Day - May 6, 2021
It’s World Password Day!
Are your passwords strong enough?
Do you have a long, unique password for every account?
Do you use multi-factor authentication where available?
If you answered, “no”...
More details.
Posted on Thu, 06 May 2021 13:30:00 +0000
Facebook Leak Leads To Smishing
I have always considered myself pretty lucky in that I rarely receive
fraudulent text messages. That luck recently ran out. Over the past few
weeks I have noticed an uptick in the number of SMS phishing (smishing)
messages that I receive on my phone...
More details.
Posted on Mon, 05 Apr 2021 14:42:00 +0000
2021 Cybersecurity Report Roundup
Annual cybersecurity reports are a rich resource of statistics and
information for cybersecurity professionals, academics, journalists and
anyone who is interested in cybersecurity. Below is a categorized...
More details.
Posted on Fri, 02 Apr 2021 12:27:00 +0000
2021 Top Cybersecurity Leaders
The March 2021 issue of Security magazine, partnering with (ISC)2, featured
their inaugural list of the Top Cybersecurity Leaders for 2021. As the
author of this blog, I am both humbled and honored, to not only be part of
the inaugural team, but also to be recognized with these accomplished
cybersecurity professionals...
More details.
Posted on Sun, 07 Mar 2021 19:54:37 +0000
ILoveYou.txt.vbs
Since today is known for love, let’s look back 21 years to one of the more
destructive, costly and famous viruses in history. The “ILoveYou” worm,
also known as the “Love Bug” or “Love Letter For You” infected more than
ten million Windows computers, beginning on May 5, 2000...
More details.
Posted on Sun, 14 Feb 2021 19:36:17 +0000
Safer Internet Day 2021
Tuesday, February 9th, 2021, marks the 18th edition of Safer Internet Day
with the theme "Together for a better Internet." Safer Internet Day (SID)
started as an EU SafeBorders project in 2004 and is now celebrated in
approximately 170 countries worldwide...
More details.
Posted on Tue, 09 Feb 2021 16:00:00 +0000
Happy New Year!
2020 was a difficult year and Between The Hacks wants to congratulate
everyone who pulled through the challenges. We have all lived through a
year that delivered a global pandemic, civil unrest, and...
More details.
Posted on Thu, 31 Dec 2020 20:58:00 +0000
Merry Christmas & Happy Holidays
Merry Christmas and Happy Holidays from Between The Hacks!
Whether you celebrate Christmas, Hanukkah, Kwanza or Festivus, we hope you
and your family are doing well, staying healthy and surviving 20...
More details.
Posted on Fri, 25 Dec 2020 02:51:00 +0000
-
-
-
How mobile app analytics library led to the PII exposure
A mobile app was leaking personally identifiable information (PII) without anyone knowing. The source? A third-party analytics library. No one on the development team had changed anything. The configuration was untouched...
More details.
Posted on Fri, 25 Jul 2025 00:00:00 +0000
SBOM from the security perspective
Introduction The current situation with SBOMs Types of SBOMs Spotting weak dependencies SBOM and CRA Generating SBOMs: Different tools for different situations Manual SBOM generation GitHub SBOM Generator SBOM for Docker SBOM Benchmarks Inconsistencies in SBOM generation tools SBOMs in security context SBOMs are not accurate SBOMs can include vulnerabilities SBOMs can be signed SBOMs can include hash sums SBOMs’ hindered commercial adoption Data format compatibility issues Privacy concerns General problems of SBOM files Conclusion Introduction # The Software Bill of Materials (SBOM) is a promising approach for keeping an eye on the key elements of a software application, including libraries, dependencies, and frameworks...
More details.
Posted on Wed, 16 Oct 2024 00:00:00 +0000
Protecting ML models running on edge devices and mobile apps
Security challenges for Machine Learning models System architecture for delivering and executing ML models on edge device Risks and threats of running ML models in mobile apps Security defences for ML models ML model encryption Cloud and API protection Mobile application anti-tampering controls Proactive anti-fraud security measures Conclusion ML models are unique combinations of data and algorithms that have been trained on massive volumes of data to provide answers, classify incoming data, and transform it...
More details.
Posted on Fri, 06 Sep 2024 00:00:00 +0000
Cossack Labs Mobile Security Score framework for mobile AppSec
The OWASP Mobile Application Security Verification Standard (MASVS) has been a valuable foundation for our mobile security engineering and assessments. This high-level guideline served us well for a long time, particularly with version 1...
More details.
Posted on Fri, 09 Aug 2024 00:00:00 +0000
Security autotests for measurable and stable application security processes
Introduction The reason behind security autotests Security Autotests How to create security autotest Writing security autotest for validating response header Customising security autotests Security autotests: Fitting use cases Input validation Security Headers are present Verification session token after logout Ready-to-use templates for security autotests Summary Introduction # Software security development is a repeatable process, and some steps could be automated to free up the valuable time of security and software engineers...
More details.
Posted on Thu, 02 May 2024 00:00:00 +0000
Practical OAuth security guide for mobile applications
Intro OAuth: The key points Approach: Reviewing security of OAuth implementation in mobile app Understanding app authentication Intricate workflow behind app-based OAuth login Handling redirects back to the mobile app OAuth security improvement with PKCE CSRF attacks mitigation with “state” parameter Automation, automation, more automation Checklist: Security assessment of OAuth implementation Conclusion Intro # Security requires managing risks with smart and controllable solutions...
More details.
Posted on Fri, 29 Mar 2024 00:00:00 +0000
Security tips on using YubiKey and FIDO U2F
Designed for securing online accounts, FIDO U2F as a protocol and YubiKey as a hardware tool are not silver bullets. If not used wisely, this powerful combo becomes an attractive target in the hands of skilful attackers...
More details.
Posted on Fri, 22 Dec 2023 00:00:00 +0000
Flutter application security considerations
Fast and easy cross-platform application frameworks are promising, yet vulnerable to attacks. Is it possible to make the cross-platform mobile application development safe while avoiding security gaps?
In this post we will focus on pros and cons of Flutter, compare it with other approaches to mobile app development, go deep into platform-specific security risks that developers are to be aware of, and finally offer fundamental mobile security recommendations to make your Flutter projects more secure...
More details.
Posted on Fri, 08 Dec 2023 00:00:00 +0000
Digital payment security: Architecture guide
Building secure digital payment solutions is a challenge when it comes to balancing between convenience and security. How can we build secure digital wallets that meet the needs of fintech users and effectively protect their assets?
Intro Security paradox Balancing convenience and security in digital wallets Perception of security risk Reduce outrage and build a trustworthy digital wallet Digital payment security: Key risks and threats Risk profile and threat model Custodial & non-custodial, hot & cold, multisig wallets: Security benefits vs threats Addressing digital wallet security issues Clearly define your unique risk and threat profile Digital wallets: Addressing security risks Platform security API and backend security Supply chain security Monitoring transactions and addressing security incidents Treating problems systematically: Secure software development lifecycle Targeting specific risks relevant to digital wallets Key leakage and transaction fraud Deanonymisation Know Your Customer Anti Money Laundering Anti Fraud Systems Regulations and compliance Building trustworthy digital payment platforms Security failures in digital wallets Security incidents with custodial and non-custodial wallets Security incidents with banking apps Conclusions and lessons learnt This blogpost is a part of the “Digital wallet security guides”: Read the articles Crypto wallets security as seen by security engineers, Exploring security vulnerabilities in NFC digital wallets, How to prevent digital wallet fraud...
More details.
Posted on Fri, 08 Sep 2023 00:00:00 +0000
How to prevent digital wallet fraud
Custodial or non-custodial cryptocurrency wallets, money transfer platforms, or banking mobile applications — regardless of their forms, digital wallets are expected to provide secure storage of users’ financial assets...
More details.
Posted on Thu, 13 Jul 2023 00:00:00 +0000
Exploring security vulnerabilities in NFC digital wallets
In recent years, we have been reviewing and improving the security of small near-field communication (NFC) devices: smart contactless cards, mobile digital wallets, specialised authentication devices, among others...
More details.
Posted on Thu, 23 Mar 2023 00:00:00 +0000
Smart contract security audit: tips & tricks
Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds.
The smart contracts ecosystem is evolving rapidly, obtaining new development tools, practices, and vulnerabilities...
More details.
Posted on Tue, 13 Dec 2022 00:00:00 +0000
Introduction to automated security testing
Dangerous security bugs can sit in a code until someone finds them and turns into vulnerabilities that cost a piece of mind, budget or lives. To avoid a disaster, security engineers and DevSecOps engineers do their best to find and prevent weaknesses in software in the earlier stages of development...
More details.
Posted on Wed, 17 Aug 2022 00:00:00 +0000
Cryptographic failures in RF encryption allow stealing robotic devices
Cryptographic failures in the wild # Many developers see security people as annoying creatures, always pointing out mistakes and criticizing incorrect decisions. A cryptographer is considered more malignant: they know math and can tell you actual probabilities of some of your failures...
More details.
Posted on Wed, 29 Jun 2022 00:00:00 +0000
Cossack Labs stands on guard for security of Ukrainian companies
This post has been updated to reflect the current status of our support for Ukraine."
Keep calm and clean your machine gun.
On the morning of February 24th, the Russian Federation attacked peaceful Ukraine and shifted the narrative for the whole 21st century...
More details.
Posted on Mon, 07 Mar 2022 00:00:00 +0000
React Native libraries: Security considerations
React Native is a cross-platform framework that allows developers to write native mobile applications using JavaScript. Supporting multiple platforms means dealing with each platform’s issue (React Native, iOS, Android)...
More details.
Posted on Tue, 15 Feb 2022 00:00:00 +0000
TLS certificate validation in Golang: CRL & OCSP examples
Most applications use TLS for data-in-transit encryption and every programming language has a TLS support in its ecosystem. TLS was introduced in 1999 based on SSL 3.0. It's quite an old protocol, but, what is more important, it's very complex...
More details.
Posted on Tue, 18 Jan 2022 00:00:00 +0200
Crypto wallets security as seen by security engineers
What can go wrong when you develop a “secure” crypto wallet? How to eliminate typical security mistakes and build a secure app with multilayered data protection against mnemonic leakage and transaction forgery?
Cossack Labs security engineers were involved in improving the security of several large public blockchain ecosystems and their hot non-custodial crypto wallets...
More details.
Posted on Tue, 14 Dec 2021 00:00:00 +0200
Shared responsibility model in cloud security: mind the gap
Understanding cloud security # In this article, we observe security responsibility of cloud providers: where it ends, what are the gaps and grey areas, and what risks security teams should take into account when using “as a service” platforms...
More details.
Posted on Tue, 23 Mar 2021 00:00:00 +0000
React Native app security: Things to keep in mind
When developers choose to use React Native as a platform for their mobile apps, they think about the benefits of one codebase for two platforms, increased development speed and advantages of TypeScript...
More details.
Posted on Thu, 22 Oct 2020 00:00:00 +0000
Audit logs security: cryptographically signed tamper-proof logs
Logs, audit logs, and security events are must-have components of a secure system, which help to monitor ongoing behaviour and provide forensic evidence in case of an incident. Let’s cut through complexity...
More details.
Posted on Mon, 14 Sep 2020 00:00:00 +0000
How to build OpenSSL for Carthage iOS
This story is dedicated to fellow developers struggling with updating Carthage package with the latest OpenSSL for iOS and macOS apps. Here you will find the scripts, error messages, testing matrix, and our working solution for Themis to this no small feat...
More details.
Posted on Wed, 10 Jun 2020 00:00:00 +0000
OpenSSL for iOS: tricks of OpenSSL semver
OpenSSL complexity starts with its version string. Apple, Carthage, and some dependency analysis tools have different opinions about it. Here is how we dealt with them and submitted iOS app to the App Store...
More details.
Posted on Wed, 10 Jun 2020 00:00:00 +0000
PII Encryption Requirements. Cheatsheet
This article was initially published on November 2018, then reviewed and updated with the information regarding CCPA on April 2020.
We frequently see how regulatory requirements are mapped onto real-world demands during the integration of our tools and security consulting projects...
More details.
Posted on Thu, 02 Apr 2020 00:00:00 +0000
Lift & Shift: cloud security strategy
Intro # When companies move their infrastructures into the cloud, provisioning resources and configuring them to emulate their initial infrastructure — a practice called “lift and shift” — or migrate the existing solutions from one platform to another, something inevitably migrates together with all the code and assets: their security assumptions ...
More details.
Posted on Wed, 20 Nov 2019 00:00:00 +0000
How to prepare for data security issues
Understanding data security issues # The first thing that comes to mind when one thinks about security issues is typically some poorly written code that is prone to RCE, XSS, and similar attacks. But hardly anyone deliberately sets out with “I’m going to write some really bad, vulnerable code today!” intent in mind...
More details.
Posted on Mon, 28 Oct 2019 00:00:00 +0000
Implementing End-to-End encryption in Bear App
Bear with us! 🐻 # The latest release of a popular note-taking app Bear contains a new feature — end-to-end encryption of user notes. Cossack Labs team worked closely with the amazing Bear team to help deliver this feature...
More details.
Posted on Thu, 05 Sep 2019 00:00:00 +0000
Secure search over encrypted data
More and more data is outsourced to remote (cloud) storage providers fuelled by “software as a service” trends in enterprise computing. Data owners want to be certain that their data is safe against thefts by outsiders, internal threats, and untrusted service providers alike...
More details.
Posted on Tue, 23 Jul 2019 00:00:00 +0000
Install Acra 1-Click App through DigitalOcean Marketplace
Cossack Labs has recently joined the DigitalOcean Marketplace family following our mission to make high-end security tools available to the general developer audience in a convenient fashion. Acra encryption suite is one of the first data security and encryption tools on DigitalOcean Marketplace and it is now available as 1-Click App running in DigitalOcean Droplet ...
More details.
Posted on Tue, 07 May 2019 00:00:00 +0000
Acra on DigitalOcean Marketplace
We always strive to make high-end security tools available to general developer audience in a convenient fashion. Only by making data security accessible, we can ensure real security of sensitive data everywhere...
More details.
Posted on Tue, 16 Apr 2019 00:00:00 +0000
Defense in depth security strategy based on data encryption
Intro # Any set of security controls deployed in your infrastructure may fail. Given enough pressure, some controls will certainly fail. No surprises here, but the question is – how to build our systems to make security incidents less damaging in case of a failure of some components? How to prevent data leaks even in case of a successful data breach?
Building security tools , we strive towards defense in depth approach...
More details.
Posted on Thu, 04 Apr 2019 00:00:00 +0000
How to build an SQL Firewall
Building AcraCensor transparent SQL firewall There are two main ways to mitigate SQL injections: inside the app (using prepared statements, stored procedures, escaping) and outside the app (using Web Application Firewalls or SQL firewalls)...
More details.
Posted on Tue, 05 Mar 2019 00:00:00 +0000
How to prevent SQL injections when WAF’s not enough
Can WAF prevent SQL injection? What is the biggest threat to a tool that prevents unauthorised database access? Requests from the application side that trigger data leakage. Namely, SQL injections and other application attacks that allow attackers to craft custom SQL queries...
More details.
Posted on Wed, 13 Feb 2019 00:00:00 +0000
Blockchain & GDPR: dos and don’ts while achieving compliance
On blockchain and GDPR As cryptographers who develop data security tools that heavily involve cryptography (surprise surprise), we get asked a lot of questions about “crypto”. Unfortunately, not “cryptozoology”* crypto, but neither it is cryptography...
More details.
Posted on Tue, 22 Jan 2019 00:00:00 +0000
Thank You for Contributing and Using Themis in 2018
We believe that everyone should be able to create secure applications and protect users’ privacy. That’s why our main cryptographic components are open source and developer-friendly. But open-source would be nothing without external contributions and feedback from users...
More details.
Posted on Thu, 20 Dec 2018 00:00:00 +0000
Hiring External Security Team: What You Need to Know
In our company, we’ve succeeded in clearly articulating the deliverables of our products and consulting projects. Building a network of great partners and delegating the work out of range of our primary competencies to them helps both parties concentrate on what’s we’re best at...
More details.
Posted on Tue, 27 Nov 2018 00:00:00 +0000
How to Implement Tracing in a Modern Distributed Application
Distributed tracing is incredibly helpful during the integration and optimisation of microservice-rich software. Before implementing tracing as a publicly available feature in the latest version of Acra, we did a small research to catch up with current industry standards in tracing protocols and tools...
More details.
Posted on Thu, 22 Nov 2018 00:00:00 +0000
GDPR for software developers: implementing rights and security demands
A methodical software developer’s perspective on mapping privacy regulations to changes in the database structure, updates in DevOps practices, backups, and restricted processing.
GDPR and software development After 2 years of fearful anticipation, GDPR is finally here, in full effect starting with May 25, 2018...
More details.
Posted on Thu, 20 Sep 2018 00:00:00 +0000
Poison Records in Acra – Database Honeypots for Intrusion Detection
Poison Records in Acra Intro When naming our special type of data containers created for raising an alarm within Acra-powered infrastructures, we were sure we’ve seen the term “poison records” used elsewhere in the same context...
More details.
Posted on Thu, 16 Aug 2018 00:00:00 +0000
Social Events of Spring-Summer 2018 for Cossack Labs
Late April throughout late June of 2018 was quite a hot time for the Cossack Labs team as we were actively developing our products, releasing feature after feature for Acra and Themis and also participated, spoken at, and hosted a number of conferences, meetups, and workshops...
More details.
Posted on Fri, 13 Jul 2018 00:00:00 +0000
How to reduce Docker image size (Example)
Need for Docker image reducing To provide convenient delivery and faster deployment of our tools, just like everybody else − we use Docker. This article describes our experience of using containers for distribution of our product Acra (database encryption suite) and focuses on the method we used to reduce the size of Docker images approximately by 62-64 times...
More details.
Posted on Tue, 29 May 2018 00:00:00 +0000
Moving to OpenSSL 1.1.0 — How We Did It
This article was published in 2018 about R&D work, which resulted in stable production release of Themis that now uses OpenSSL 1.1.1g
If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of OpenSSL...
More details.
Posted on Mon, 09 Apr 2018 00:00:00 +0000
2017 at Cossack Labs
Stats This was an eventful year for Cossack Labs! According to our GitHub stats, in 2017 we:
made 1200 commits into master branches;
merged 260 PRs;
accumulated 444 new stars.
Products and releases We picked a weird, but hopefully auspicious habit of releasing stuff on holidays or 13th days of the month (preferably Fridays :) or Mercury retrograde periods:
Acra Acra’s public release took place on the 8th of March...
More details.
Posted on Fri, 29 Dec 2017 00:00:00 +0000
Happy Holidays from Cossack Labs!
Season’s greetings and all kinds of good things in the New Year!
– With 🔒 from Cossack Labs!
More details.
Posted on Mon, 25 Dec 2017 00:00:00 +0000
Auditable Macros in C Code
Intro Like death and taxes, one thing that you can be sure of is that using C macros in a modern software project will cause a debate. While for some macros remain a convenient and efficient way of achieving particular programming goals, for others they are opaque, introduce the unnecessary risk of coding errors, and reduce readability...
More details.
Posted on Thu, 23 Nov 2017 00:00:00 +0000
Replacing OpenSSL with Libsodium
This article was published in 2017 about R&D work, which resulted in stable production release of Themis.
Intro In our ongoing effort to make Themis work with different cryptographic backends, we've decided to try something more challenging than just displacing similar primitives...
More details.
Posted on Thu, 21 Sep 2017 00:00:00 +0000
Replacing OpenSSL with BoringSSL in a Complex Multi-Platform Layout
This article was published in 2017 about R&D work, which resulted in stable production release of Themis that uses BoringSSL as one of crypto-engines.
If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of BoringSSL...
More details.
Posted on Tue, 11 Jul 2017 00:00:00 +0000
Importing with ctypes in Python: fighting overflows
Introduction On some cold winter night, we've decided to refactor a few examples and tests for Python wrapper in Themis, because things have to be not only efficient and useful, but elegant as well...
More details.
Posted on Mon, 06 Mar 2017 00:00:00 +0000
Plugging leaks in Go memory management
Intro As many of you know, Go is an amazing modern programming language with automated memory management. We love Go: we've used it to build Acra, our database encryption suite, we further use it to build other products...
More details.
Posted on Tue, 28 Feb 2017 00:00:00 +0000
2016 at Cossack Labs
Bright and full of new 2016 year insensibly came to an end. Writing good software is hard: absorbed in developing our main products, closed a testing round of Acra (all hail the braves who dedicated an immense amount of time giving us feedback), we’ve spent most of the year undercover...
More details.
Posted on Fri, 30 Dec 2016 00:00:00 +0000
13 tips to enhance database and infrastructure security
Article updated in 2019.
Previously in the series... Previously, we’ve talked about design patterns best practices in backend security, then about key management goals and techniques.
It is important to understand that database security evolved with system administration techniques and programming demands, with cryptography and access controls being complementary features, rather than cornerstones...
More details.
Posted on Tue, 13 Dec 2016 00:00:00 +0000
Why making Internet safe is everyone’s responsibility
Responsibility is yours, mine, and that developer's in the office nearby. Open any tech news aggregator and chances are, one-third of all news will be security-related. What we are seeing right now is insane raise of awareness to cyber security, dictated by security threats suddenly turning looming on the horizon to dangerously close to anybody on the Internet...
More details.
Posted on Wed, 26 Oct 2016 00:00:00 +0000
Key management in data security: fundamentals
Key management in security system Frequently overlooked, much less hyped than quantum computers breaking trapdoor functions, managing keys is actually the most important part of building a security system...
More details.
Posted on Wed, 21 Sep 2016 00:00:00 +0000
Backend security: design patterns best practices
This article was revisited and updated in August 2018.
In modern client-server applications, most of the sensitive data is stored (and consequently leaked) on the backend. At Cossack Labs, we’re working on novel techniques to protect the data within modern infrastructures...
More details.
Posted on Mon, 15 Aug 2016 00:00:00 +0000
Zero Knowledge Protocols without magic
When we’ve first released Secure Comparator to use in our Themis crypto library and started talking about novel authentication concepts, we’ve encountered a few common misconceptions and plenty of magical thinking about Zero-Knowledge Proofs as a phenomenon...
More details.
Posted on Wed, 27 Jul 2016 00:00:00 +0000
Perimeter security: avoiding disappointment, shame and despair
Perimeter security: looking back Over the years, the Internet has evolved, and complex systems facing the Internet have evolved too.
Traditional security methodology to defend these systems was to build strong walls around your most valuable assets: build a castle and hope it stands against the external adversary...
More details.
Posted on Wed, 20 Jul 2016 00:00:00 +0000
Choose your Android crypto (Infographic)
Why do I even need to choose? Warning: This article borrows a lot from our original Choose your iOS Crypto publication, so if you've read that one, feel free to skip ahead to the libraries and ending notes about the actual Android specificities...
More details.
Posted on Mon, 23 May 2016 00:00:00 +0000
Building Sesto, in-browser password manager
Intro: what is Sesto Sesto (abbreviation for Secret Store) is open source passwords (and general secrets) manager for web.
What sets Sesto apart from many other password managers is:
it's web password manager, e...
More details.
Posted on Thu, 21 Apr 2016 00:00:00 +0000
Benchmarking Secure Comparator
When we conceived Secure Comparator, we saw that it is going to be slightly slower than existing authentication methods, because:
SMP requires much more rounds of data exchange
each round involves expensive calculations
our modification of ed25519 implementation involves blinding to avoid timing attacks, which makes overall performance even slower
This is a consequence of different demands and different security guarantees Secure Comparator gives: let systems with zero shared information exchange requests to data, where request data itself is a leakage...
More details.
Posted on Thu, 07 Apr 2016 00:00:00 +0000
Crypto in iOS: Choose your destiny (Infographic)
Why do I even need to choose? When building your next app, you might realize that you need to encrypt the data. There are two main reasons for that:
The need to transmit sensitive data to server and back;
The need to store sensitive data...
More details.
Posted on Wed, 30 Mar 2016 00:00:00 +0000
Building secure end-to-end webchat with Themis
Intro While developing components of our products, we love to explore use cases and usability through creating real-world test stands.
0fc is a side-product of WebThemis research: while doing some protocol design for front-end clients with WebThemis services, we wanted to try it in a real-world situation...
More details.
Posted on Thu, 17 Mar 2016 00:00:00 +0000
Building LibreSSL for PNaCl
Intro While building WebThemis, we've encountered the need to build LibreSSL for PNaCl as a source of cryptographic primitives.
The problem? LibreSSL has huge codebase with a lot of complicated code, that won't build on new platform out of the box...
More details.
Posted on Mon, 14 Mar 2016 00:00:00 +0000
Building and Using Themis in PNaCl
Intro Native Client (NaCl) allows browser applications to launch a native low-level code in an isolated environment. Thanks to this, some code, performance code parts can be rewritten in C or C++ easily...
More details.
Posted on Tue, 08 Mar 2016 00:00:00 +0000
What's wrong with Web Cryptography
Introduction Building full stack of cryptographic protection for modern applications includes working with the modern web browser, of course.
However, through 20+ years of history of web browsers, we're at the stage where in-browser cryptography is still problematic, and best you can rely on is SSL...
More details.
Posted on Thu, 03 Mar 2016 00:00:00 +0000
Fixing Secure Comparator
Introduction The idea behind Socialist Millionaire Protocol is to provide definite answer to the question whether two communicating parties possess the same secret or not in a secure (zero-knowledge) manner...
More details.
Posted on Thu, 11 Feb 2016 00:00:00 +0000
Introducing Secure Comparator
A word to pass Passwords are the ultimate keepers of security, extensively used in the 21st century's Internet. As more and more aspects of our lives become accessible online, the importance of keeping your passwords secure becomes crucial, because anybody knowing the password may access your accounts...
More details.
Posted on Wed, 09 Dec 2015 00:00:00 +0000
Why we need novel authentication schemes?
Introduction: A Word To Pass Before introducing our novel request authentication scheme in Themis, we’ve decided to create an overview of the existing methods of authentication and try to look into what the future might bring us...
More details.
Posted on Thu, 26 Nov 2015 00:00:00 +0000
WeakDH/LogJam vs Secure Session
Intro After LogJam vulnerability was published, and then the WeakDH paper (Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice) was published, we were asked a few times: since Secure Session uses Diffie-Hellman key negotiation, is prone to the same attacks?
We wrote this small note to explain why we are safe from such attacks, and how generally decisions about such important security features are being done for the open source Themis crypto library...
More details.
Posted on Fri, 20 Nov 2015 00:00:00 +0000
Armoring ed25519 to meet extended security challenges
This article was revisited and updated in October 2018.
Introduction We strive to use the best state-of-the-art cryptography for our library Themis. So when we wanted to implement an important novel feature Secure Comparator (that includes the so-called "Socialist Millionaire Protocol"), we needed to replace the prime-field modular arithmetic with something stronger...
More details.
Posted on Wed, 18 Nov 2015 00:00:00 +0000
Why you should avoid SSL for your next application
Introduction 2018 update: This article was 4 years old, and even then presented disputable opinion. Many things have changed since then, we're having TLS 1.3, which eliminates a number of cryptographic concerns and enforces correct uses...
More details.
Posted on Wed, 28 Oct 2015 00:00:00 +0000
Building encrypted chat service with Themis and mobile websocket example
Introduction Imagine you'd like to build your own chat server, which allows clients to exchange messages safely. You have a simple infrastructure consisting of a server written in Ruby and clients for iOS and Android...
More details.
Posted on Thu, 01 Oct 2015 00:00:00 +0000
Notes on adding cutting edge features
As we've stated in the past, the Themis library grew out of our own needs for a secure, efficient and convenient cryptographic library. While providing abstracted high-level services, Themis uses trusted, well established implementations of cryptographic primitives such as those provided by LibreSSL/OpenSSL or platform native cryptography providers...
More details.
Posted on Tue, 22 Sep 2015 00:00:00 +0000
Releasing Themis into public: usability testing
How we did usability testing for Themis when releasing the open source library into public.
When we were ready to release Themis, we've gathered a few colleagues and decided to make a test run on unsuspecting developers - how would the library blend into their workflows?
1...
More details.
Posted on Wed, 03 Jun 2015 00:00:00 +0000
Cybersecurity Professional Standards
Discover how unified cybersecurity professional standards and the UK Cyber Security Council are redefining trust, talent, and resilience in finance.
More details.
Posted on Tue, 29 Jul 2025 11:41:52 +0000
TLPT: Threat Led Penetration Testing Explained
Discover how TLPT (threat led penetration testing) helps organizations validate defenses against real-world cyber threats. Learn who needs threat led pentesting, what drives demand, and how it differs from red teaming and classic pentesting...
More details.
Posted on Fri, 20 Jun 2025 08:00:00 +0000
EUVD Vulnerability Database: Europe’s Answer to CVE Instability
The EUVD marks a strategic shift in vulnerability management, offering a transparent and sovereign alternative to the U.S.-centric CVE system—backed by EU law.
More details.
Posted on Wed, 14 May 2025 09:11:06 +0000
Cyber Incident Response Tips for Small Businesses
Learn how small businesses can build cyber incident response plans by adapting practical strategies from the UK’s “Cyber Incident Grab Bag.”
More details.
Posted on Sat, 03 May 2025 14:06:58 +0000
CVE Under Threat: What You Need to Know
MITRE’s CVE contract expired on April 16, putting global vulnerability tracking at risk. Learn what’s happening and how the security community is responding.
More details.
Posted on Wed, 16 Apr 2025 15:01:36 +0000
Unforgivable Software Vulnerabilities
Some software vulnerabilities are unforgivable—easy to find, easy to fix, and never should’ve existed. Here’s how to spot and prevent them.
More details.
Posted on Fri, 04 Apr 2025 14:27:14 +0000
Preventing Crypto Exchange Hacks: Lessons from Bybit Heist
Bybit lost $1.4B in a North Korean hack via malware, fake UI, and blind signing. Learn key security strategies to protect exchanges from cyber threats!
More details.
Posted on Wed, 26 Feb 2025 09:27:46 +0000
Cyber Defense Using Cyber Kill Chain and MITRE ATT&CK Explained
Learn how the Cyber Kill Chain and MITRE ATT&CK Framework enhance security by identifying, detecting, and responding to cyber threats effectively.
More details.
Posted on Thu, 06 Feb 2025 13:41:48 +0000
The Future of Authentication: Passkeys vs Passwords and 2FA
Passkeys replace passwords with secure, easy logins using biometrics and cryptography, eliminating phishing, breaches, and 2FA issues.
More details.
Posted on Wed, 22 Jan 2025 09:22:47 +0000
Lessons from 2024’s Worst Cyberattacks and How to Stay Secure
Analyzing 2024’s biggest cyberattacks: breaches, vulnerabilities exploited, and actionable steps to strengthen defenses for 2025.
More details.
Posted on Mon, 13 Jan 2025 21:47:29 +0000
What we do and what we offer.
About penetration tests and about our news.
