Latest news about information security vulnerabilities, threats, incidents and events
Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild...
More details.
Posted on Fri, 23 Jan 2026 20:54:00 +0530
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls...
More details.
Posted on Fri, 23 Jan 2026 18:00:00 +0530
TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order
TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S.
The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U...
More details.
Posted on Fri, 23 Jan 2026 17:00:00 +0530
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts...
More details.
Posted on Fri, 23 Jan 2026 16:48:00 +0530
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms
Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector.
"The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and evade user awareness," the Microsoft Defender Security Research Team said...
More details.
Posted on Fri, 23 Jan 2026 13:55:00 +0530
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025.
The attack leveraged...
More details.
Posted on Thu, 22 Jan 2026 23:30:00 +0530
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years.
The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 on the CVSS scoring system...
More details.
Posted on Thu, 22 Jan 2026 22:00:00 +0530
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them...
More details.
Posted on Thu, 22 Jan 2026 19:53:00 +0530
Filling the Most Common Gaps in Google Workspace Security
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience...
More details.
Posted on Thu, 22 Jan 2026 17:00:00 +0530
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts...
More details.
Posted on Thu, 22 Jan 2026 15:34:00 +0530
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch.
The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001...
More details.
Posted on Thu, 22 Jan 2026 15:16:00 +0530
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices.
The activity,...
More details.
Posted on Thu, 22 Jan 2026 11:25:00 +0530
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild...
More details.
Posted on Thu, 22 Jan 2026 09:36:00 +0530
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America...
More details.
Posted on Wed, 21 Jan 2026 22:47:00 +0530
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.
The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks...
More details.
Posted on Wed, 21 Jan 2026 21:12:00 +0530
Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff
Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding “CISO-level protection” at SMB budgets.
The truth? Most MSSPs are running harder, not smarter...
More details.
Posted on Wed, 21 Jan 2026 17:28:00 +0530
Exposure Assessment Platforms Signal a Shift in Focus
Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry's collective "to-do list" has become mathematically impossible to complete...
More details.
Posted on Wed, 21 Jan 2026 16:00:00 +0530
Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization...
More details.
Posted on Wed, 21 Jan 2026 14:40:00 +0530
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model.
That's according to new findings from Check Point Research, which identified operational security blunders by malware's author that provided clues to its developmental origins...
More details.
Posted on Wed, 21 Jan 2026 14:25:00 +0530
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords.
The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours...
More details.
Posted on Wed, 21 Jan 2026 12:10:00 +0530
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript.
The vulnerability, tracked as CVE-2026-1245 (CVSS score: 6...
More details.
Posted on Wed, 21 Jan 2026 11:34:00 +0530
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints...
More details.
Posted on Wed, 21 Jan 2026 00:11:00 +0530
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions...
More details.
Posted on Tue, 20 Jan 2026 19:25:00 +0530
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT)...
More details.
Posted on Tue, 20 Jan 2026 19:16:00 +0530
The Hidden Risk of Orphan Accounts
The Problem: The Identities Left Behind
As organizations grow and evolve, employees, contractors, services, and systems come and go - but their accounts often remain. These abandoned or “orphan” accounts sit dormant across applications, platforms, assets, and cloud consoles...
More details.
Posted on Tue, 20 Jan 2026 17:28:00 +0530
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem...
More details.
Posted on Tue, 20 Jan 2026 17:18:00 +0530
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers...
More details.
Posted on Tue, 20 Jan 2026 16:42:00 +0530
Why Secrets in JavaScript Bundles are Still Being Missed
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed?
To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches...
More details.
Posted on Tue, 20 Jan 2026 16:15:00 +0530
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic.
The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth...
More details.
Posted on Tue, 20 Jan 2026 13:10:00 +0530
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism...
More details.
Posted on Mon, 19 Jan 2026 22:51:00 +0530
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react...
More details.
Posted on Mon, 19 Jan 2026 18:47:00 +0530
DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services...
More details.
Posted on Mon, 19 Jan 2026 17:25:00 +0530
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors.
The security flaw, codenamed...
More details.
Posted on Mon, 19 Jan 2026 17:01:00 +0530
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a previously undocumented remote access trojan (RAT) dubbed ModeloRAT...
More details.
Posted on Mon, 19 Jan 2026 14:39:00 +0530
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations...
More details.
Posted on Mon, 19 Jan 2026 12:23:00 +0530
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta.
In addition, the group's...
More details.
Posted on Sat, 17 Jan 2026 21:56:00 +0530
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence (AI) company expanded access to its low-cost subscription globally...
More details.
Posted on Sat, 17 Jan 2026 14:04:00 +0530
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives...
More details.
Posted on Fri, 16 Jan 2026 23:29:00 +0530
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts...
More details.
Posted on Fri, 16 Jan 2026 19:39:00 +0530
Your Digital Footprint Can Lead Right to Your Front Door
You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media.
But what about the information about you that’s already out there—without your permission?
Your name...
More details.
Posted on Fri, 16 Jan 2026 16:12:00 +0530
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE.
The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U...
More details.
Posted on Fri, 16 Jan 2026 15:57:00 +0530
China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusion
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year.
Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region...
More details.
Posted on Fri, 16 Jan 2026 12:48:00 +0530
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686...
More details.
Posted on Fri, 16 Jan 2026 11:08:00 +0530
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk...
More details.
Posted on Fri, 16 Jan 2026 01:01:00 +0530
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack.
The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10...
More details.
Posted on Thu, 15 Jan 2026 21:01:00 +0530
Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely...
More details.
Posted on Thu, 15 Jan 2026 20:39:00 +0530
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in...
More details.
Posted on Thu, 15 Jan 2026 19:26:00 +0530
Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models...
More details.
Posted on Thu, 15 Jan 2026 17:25:00 +0530
4 Outdated Habits Destroying Your SOC's MTTR in 2026
It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts’ needs, staggering investigations and incident response...
More details.
Posted on Thu, 15 Jan 2026 16:30:00 +0530
Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud
Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses...
More details.
Posted on Thu, 15 Jan 2026 15:07:00 +0530
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.
Posted on Wed, 31 Aug 2022 12:57:48 +0000
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.
Posted on Tue, 30 Aug 2022 16:00:43 +0000
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.
Posted on Mon, 29 Aug 2022 14:56:19 +0000
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.
Posted on Fri, 26 Aug 2022 16:44:27 +0000
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.
Posted on Thu, 25 Aug 2022 18:47:15 +0000
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.
Posted on Wed, 24 Aug 2022 14:17:04 +0000
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.
Posted on Tue, 23 Aug 2022 13:19:58 +0000
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.
Posted on Mon, 22 Aug 2022 13:59:06 +0000
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.
Posted on Fri, 19 Aug 2022 15:25:56 +0000
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.
Posted on Thu, 18 Aug 2022 14:31:38 +0000
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
More details.
Posted on Tue, 05 Aug 2025 18:00:42 +0000
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat ...
More details.
Posted on Fri, 13 Dec 2024 12:04:08 +0000
Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
More details.
Posted on Mon, 02 Dec 2024 10:43:16 +0000
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat ...
More details.
Posted on Mon, 02 Dec 2024 07:51:03 +0000
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
More details.
Posted on Fri, 29 Nov 2024 12:53:23 +0000
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
More details.
Posted on Fri, 29 Nov 2024 11:19:32 +0000
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
More details.
Posted on Tue, 26 Nov 2024 07:46:59 +0000
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
More details.
Posted on Mon, 28 Oct 2024 04:57:20 +0000
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
More details.
Posted on Mon, 28 Oct 2024 02:43:18 +0000
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat ...
More details.
Posted on Fri, 25 Oct 2024 03:57:42 +0000
Don't Let Legacy Systems Write Your Headline
What came after a dramatic Louvre heist highlights the risks of leaving
legacy technology untreated in your enterprise, and how to mitigate them
before they make the news.
More details.
Posted on Tue, 11 Nov 2025 02:07:00 +0000
Make Your Venmo Private in 30 Seconds (Before Your Mom Sees Everything)
Most Venmo users have no idea their payments are public. This quick guide
shows you how to make your transactions private in under 30 seconds.
More details.
Posted on Tue, 28 Oct 2025 14:03:00 +0000
June Is National Internet Safety Month: Where Did It Come From?
National Internet Safety Month was born in 2005 to raise awareness around
growing online risks. Nearly 20 years later, its message is more relevant
than ever. Here’s how it started—and why it still matters...
More details.
Posted on Thu, 12 Jun 2025 20:49:18 +0000
The 10-Minute Security Checkup Everyone Should Do This Weekend
Skip the cybersecurity overwhelm. This 10-minute weekend checklist covers
the essential security tasks that actually matter—from software updates to
MFA setup. No jargon, no scare tactics, just practical steps anyone can
follow to lock down their digital life...
More details.
Posted on Sun, 01 Jun 2025 19:54:27 +0000
The Spy Who Applied to Code
Think fake job applicants are just awkward interviews and padded resumes?
Think again. One North Korean operative nearly infiltrated a U.S. crypto
firm by pretending to be a software engineer named “Steven Smith...
More details.
Posted on Mon, 05 May 2025 14:49:00 +0000
World Password Day
Passwords are still the leading cause of breaches, and most of us still
treat them like an afterthought. This post breaks down where we’re going
wrong, what’s finally getting better, and why passkeys might be our best
shot at a password-free future...
More details.
Posted on Thu, 01 May 2025 15:10:56 +0000
10 Ways to Secure Your Laptop
Laptops are magnets for thieves, hackers, and nosy strangers on airplanes.
This guide walks you through 10 smart ways to secure your
laptop—physically, digitally, and privately—so your files stay safe, your
data stays yours, and your webcam isn’t watching you back...
More details.
Posted on Mon, 28 Apr 2025 14:58:00 +0000
Quishing: Phishing Got a Glow-Up
Quishing is phishing’s slicker, sneakier cousin. It hides behind QR codes,
shows up on flyers and parking meters, and tricks you into handing over
your credentials, often before your coffee kicks in...
More details.
Posted on Thu, 24 Apr 2025 14:46:00 +0000
Locking Down My Smart Thermostats Was a Nightmare (and What It Taught Me About IoT Security)
When I tried to lock down my smart thermostats, I discovered how hard it is
to control what IoT devices connect to. Here’s what I learned—and why we
need NetBOM.
More details.
Posted on Mon, 14 Apr 2025 14:13:00 +0000
Ransomware: Because Who Doesn’t Want to Be Held Hostage by Their Own Files?
Ransomware: Because Who Doesn’t Want to Be Held Hostage by Their Own Files?
Ransomware is no longer just a hacker’s side hustle—it’s big business. In
this post, we break down what ransomware is, how it works, who it targets
(on purpose and by accident), and what you can do to stay safe...
More details.
Posted on Wed, 09 Apr 2025 14:03:00 +0000
A Note on Our Domain Update
Between The Hacks has updated its default domain name to
betweenthehacks.com. Everything is still here, but a few links might need
attention. Learn more about this update and let us know if you spot any
issues...
More details.
Posted on Fri, 04 Apr 2025 14:46:00 +0000
Passkeys: The Beginning of the End for Passwords
Still using passwords? It might be time to move on.
Passkeys are a simpler, more secure way to log in—no typing, no
phishing, no stress. In this post, I break down how passkeys work, why
they matter, and how you can start using them today...
More details.
Posted on Thu, 03 Apr 2025 14:41:00 +0000
I Finally Segmented My Network… by Cutting the Ethernet Cable!
After years of preaching network segmentation, I took it to the next
level—by physically disconnecting everything. Scissors, copper mesh,
and a rotating SSID script. What could go wrong?
More details.
Posted on Tue, 01 Apr 2025 14:36:55 +0000
Unlimited Access: Every Device on Your Network Can Talk to the Internet
Most home devices can access the entire internet—and often each other.
Segmentation helps, but without visibility into what your devices are
doing, you’re still exposed.
More details.
Posted on Sun, 30 Mar 2025 20:32:00 +0000
If Troy Hunt Can Fall for Phishing, So Can You
Even cybersecurity experts fall for phishing attacks. When Troy Hunt,
creator of Have I Been Pwned, clicked a malicious link and entered his
credentials, it was a wake-up call for all of us. In this post, we break
down what happened, why today’s phishing is more convincing than ever, and
what you can do to protect yourself...
More details.
Posted on Fri, 28 Mar 2025 17:34:13 +0000
AI Magic: My Blog, LinkedIn, and a 7-Minute Podcast!
So, here’s something that blew my mind: I decided to test
Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn
page and my blog, not expecting much more than a basic summary...
More details.
Posted on Mon, 30 Sep 2024 17:01:00 +0000
How I Introduced the Cybersecurity World to a Cold War Hero
If you told me a year ago that I would meet a cold war hero at a birthday
party, I wouldn’t have believed you. And I would be even more skeptical if
you told me she would be an unintimidating, approachable music professor
with an infectious smile...
More details.
Posted on Thu, 30 Jun 2022 00:39:31 +0000
NetBOM
NetBOM, short for Network Bill of Materials, is a concept I drafted to
improve IoT and network security. This post explains how NetBOM works, what
it includes, and how it supports Zero Trust strategies...
More details.
Posted on Tue, 28 Dec 2021 18:52:00 +0000
log4shell
UPDATED December 16, 2021
If you are reading this, you likely have heard about Log4Shell, the
December, 2021 critical zero-day remote-code execution vulnerability in the
popular Log4j software library that is developed and maintained by the
Apache Software Foundation...
More details.
Posted on Tue, 14 Dec 2021 18:56:34 +0000
Hacking Humble Bundle
Last year, Humble Bundle teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking ebooks for as little as one
dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks...
More details.
Posted on Tue, 30 Nov 2021 17:11:00 +0000
Safeguarding the Backbone of the Global Economy: OT/ICS Security in the Oil and Gas Industry
The oil and gas industry is an essential pillar of the global economy, enabling energy production, transportation, and storage that fuel every aspect of modern life. At the core of these operations lie Operational Technology (OT) and Industrial Control Systems (ICS), critical systems responsible for monitoring and controlling key industrial processes...
More details.
Posted on Sun, 12 Jan 2025 09:37:30 +0000
Detailed Guide to SOAR and SIEM
What Is SOAR? SOAR stands for Security Orchestration, Automation, and Response. It’s a cybersecurity tool designed to simplify and enhance the efficiency of IT teams by automating responses to various security threats...
More details.
Posted on Sun, 12 Jan 2025 09:20:49 +0000
What is a cyberattack?
What is a cyberattack? Cyberattacks aim to damage or gain control or access to important documents and systems within a business or personal computer network. Cyberattacks are distributed by individuals or organizations for political, criminal, or personal intentions to destroy or gain access to classified information...
More details.
Posted on Wed, 30 Oct 2024 04:02:41 +0000
What is SIEM ?
Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. SIEM, pronounced “sim,” combines both security information management (SIM) and security event management (SEM) into one security management system...
More details.
Posted on Tue, 29 Oct 2024 08:06:47 +0000
Cyber Security Operation Center Guidelines for best practices SOC Design
Cyber Security is become most needed services for all business and industries in 2024. Every business is concerned about Cyber Security. Security operations (SecOps) leaders face a multifaceted challenge:...
More details.
Posted on Tue, 30 Jan 2024 16:32:57 +0000
HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001
ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001 Learn and get certified as a professional in implementation of ISO 27001 standard through our self-paced E-learning interactive course which comprises of 4 modules...
More details.
Posted on Thu, 26 Jan 2023 11:21:59 +0000
YouTube disrupted in Pakistan as former PM Imran Khan streams speech
NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA)...
More details.
Posted on Mon, 22 Aug 2022 05:04:16 +0000
Recommendations for Parents about Cyber Bullying
Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior...
More details.
Posted on Wed, 20 Oct 2021 06:36:27 +0000
WhatsApp, Facebook, Instagram server down in Pakistan?
Facebook-owned social media platforms, WhatsApp, Facebook, and Instagram are facing a worldwide outage, according to Downdetector, which offers real-time status and outage information for all kinds of services...
More details.
Posted on Mon, 04 Oct 2021 17:32:57 +0000
Cloudflare reports record-breaking HTTP-request DDoS attack
Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17...
More details.
Posted on Sun, 22 Aug 2021 19:26:02 +0000
-
-
How mobile app analytics library led to the PII exposure
A mobile app was leaking personally identifiable information (PII) without anyone knowing. The source? A third-party analytics library. No one on the development team had changed anything. The configuration was untouched...
More details.
Posted on Fri, 25 Jul 2025 00:00:00 +0000
SBOM from the security perspective
Introduction The current situation with SBOMs Types of SBOMs Spotting weak dependencies SBOM and CRA Generating SBOMs: Different tools for different situations Manual SBOM generation GitHub SBOM Generator SBOM for Docker SBOM Benchmarks Inconsistencies in SBOM generation tools SBOMs in security context SBOMs are not accurate SBOMs can include vulnerabilities SBOMs can be signed SBOMs can include hash sums SBOMs’ hindered commercial adoption Data format compatibility issues Privacy concerns General problems of SBOM files Conclusion Introduction # The Software Bill of Materials (SBOM) is a promising approach for keeping an eye on the key elements of a software application, including libraries, dependencies, and frameworks...
More details.
Posted on Wed, 16 Oct 2024 00:00:00 +0000
Protecting ML models running on edge devices and mobile apps
Security challenges for Machine Learning models System architecture for delivering and executing ML models on edge device Risks and threats of running ML models in mobile apps Security defences for ML models ML model encryption Cloud and API protection Mobile application anti-tampering controls Proactive anti-fraud security measures Conclusion ML models are unique combinations of data and algorithms that have been trained on massive volumes of data to provide answers, classify incoming data, and transform it...
More details.
Posted on Fri, 06 Sep 2024 00:00:00 +0000
Cossack Labs Mobile Security Score framework for mobile AppSec
The OWASP Mobile Application Security Verification Standard (MASVS) has been a valuable foundation for our mobile security engineering and assessments. This high-level guideline served us well for a long time, particularly with version 1...
More details.
Posted on Fri, 09 Aug 2024 00:00:00 +0000
Security autotests for measurable and stable application security processes
Introduction The reason behind security autotests Security Autotests How to create security autotest Writing security autotest for validating response header Customising security autotests Security autotests: Fitting use cases Input validation Security Headers are present Verification session token after logout Ready-to-use templates for security autotests Summary Introduction # Software security development is a repeatable process, and some steps could be automated to free up the valuable time of security and software engineers...
More details.
Posted on Thu, 02 May 2024 00:00:00 +0000
Practical OAuth security guide for mobile applications
Intro OAuth: The key points Approach: Reviewing security of OAuth implementation in mobile app Understanding app authentication Intricate workflow behind app-based OAuth login Handling redirects back to the mobile app OAuth security improvement with PKCE CSRF attacks mitigation with “state” parameter Automation, automation, more automation Checklist: Security assessment of OAuth implementation Conclusion Intro # Security requires managing risks with smart and controllable solutions...
More details.
Posted on Fri, 29 Mar 2024 00:00:00 +0000
Security tips on using YubiKey and FIDO U2F
Designed for securing online accounts, FIDO U2F as a protocol and YubiKey as a hardware tool are not silver bullets. If not used wisely, this powerful combo becomes an attractive target in the hands of skilful attackers...
More details.
Posted on Fri, 22 Dec 2023 00:00:00 +0000
Flutter application security considerations
Fast and easy cross-platform application frameworks are promising, yet vulnerable to attacks. Is it possible to make the cross-platform mobile application development safe while avoiding security gaps?
In this post we will focus on pros and cons of Flutter, compare it with other approaches to mobile app development, go deep into platform-specific security risks that developers are to be aware of, and finally offer fundamental mobile security recommendations to make your Flutter projects more secure...
More details.
Posted on Fri, 08 Dec 2023 00:00:00 +0000
Digital payment security: Architecture guide
Building secure digital payment solutions is a challenge when it comes to balancing between convenience and security. How can we build secure digital wallets that meet the needs of fintech users and effectively protect their assets?
Intro Security paradox Balancing convenience and security in digital wallets Perception of security risk Reduce outrage and build a trustworthy digital wallet Digital payment security: Key risks and threats Risk profile and threat model Custodial & non-custodial, hot & cold, multisig wallets: Security benefits vs threats Addressing digital wallet security issues Clearly define your unique risk and threat profile Digital wallets: Addressing security risks Platform security API and backend security Supply chain security Monitoring transactions and addressing security incidents Treating problems systematically: Secure software development lifecycle Targeting specific risks relevant to digital wallets Key leakage and transaction fraud Deanonymisation Know Your Customer Anti Money Laundering Anti Fraud Systems Regulations and compliance Building trustworthy digital payment platforms Security failures in digital wallets Security incidents with custodial and non-custodial wallets Security incidents with banking apps Conclusions and lessons learnt This blogpost is a part of the “Digital wallet security guides”: Read the articles Crypto wallets security as seen by security engineers, Exploring security vulnerabilities in NFC digital wallets, How to prevent digital wallet fraud...
More details.
Posted on Fri, 08 Sep 2023 00:00:00 +0000
How to prevent digital wallet fraud
Custodial or non-custodial cryptocurrency wallets, money transfer platforms, or banking mobile applications — regardless of their forms, digital wallets are expected to provide secure storage of users’ financial assets...
More details.
Posted on Thu, 13 Jul 2023 00:00:00 +0000
Exploring security vulnerabilities in NFC digital wallets
In recent years, we have been reviewing and improving the security of small near-field communication (NFC) devices: smart contactless cards, mobile digital wallets, specialised authentication devices, among others...
More details.
Posted on Thu, 23 Mar 2023 00:00:00 +0000
Smart contract security audit: tips & tricks
Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds.
The smart contracts ecosystem is evolving rapidly, obtaining new development tools, practices, and vulnerabilities...
More details.
Posted on Tue, 13 Dec 2022 00:00:00 +0000
Introduction to automated security testing
Dangerous security bugs can sit in a code until someone finds them and turns into vulnerabilities that cost a piece of mind, budget or lives. To avoid a disaster, security engineers and DevSecOps engineers do their best to find and prevent weaknesses in software in the earlier stages of development...
More details.
Posted on Wed, 17 Aug 2022 00:00:00 +0000
Cryptographic failures in RF encryption allow stealing robotic devices
Cryptographic failures in the wild # Many developers see security people as annoying creatures, always pointing out mistakes and criticizing incorrect decisions. A cryptographer is considered more malignant: they know math and can tell you actual probabilities of some of your failures...
More details.
Posted on Wed, 29 Jun 2022 00:00:00 +0000
Cossack Labs stands on guard for security of Ukrainian companies
This post has been updated to reflect the current status of our support for Ukraine."
Keep calm and clean your machine gun.
On the morning of February 24th, the Russian Federation attacked peaceful Ukraine and shifted the narrative for the whole 21st century...
More details.
Posted on Mon, 07 Mar 2022 00:00:00 +0000
React Native libraries: Security considerations
React Native is a cross-platform framework that allows developers to write native mobile applications using JavaScript. Supporting multiple platforms means dealing with each platform’s issue (React Native, iOS, Android)...
More details.
Posted on Tue, 15 Feb 2022 00:00:00 +0000
TLS certificate validation in Golang: CRL & OCSP examples
Most applications use TLS for data-in-transit encryption and every programming language has a TLS support in its ecosystem. TLS was introduced in 1999 based on SSL 3.0. It's quite an old protocol, but, what is more important, it's very complex...
More details.
Posted on Tue, 18 Jan 2022 00:00:00 +0200
Crypto wallets security as seen by security engineers
What can go wrong when you develop a “secure” crypto wallet? How to eliminate typical security mistakes and build a secure app with multilayered data protection against mnemonic leakage and transaction forgery?
Cossack Labs security engineers were involved in improving the security of several large public blockchain ecosystems and their hot non-custodial crypto wallets...
More details.
Posted on Tue, 14 Dec 2021 00:00:00 +0200
Shared responsibility model in cloud security: mind the gap
Understanding cloud security # In this article, we observe security responsibility of cloud providers: where it ends, what are the gaps and grey areas, and what risks security teams should take into account when using “as a service” platforms...
More details.
Posted on Tue, 23 Mar 2021 00:00:00 +0000
React Native app security: Things to keep in mind
When developers choose to use React Native as a platform for their mobile apps, they think about the benefits of one codebase for two platforms, increased development speed and advantages of TypeScript...
More details.
Posted on Thu, 22 Oct 2020 00:00:00 +0000
Audit logs security: cryptographically signed tamper-proof logs
Logs, audit logs, and security events are must-have components of a secure system, which help to monitor ongoing behaviour and provide forensic evidence in case of an incident. Let’s cut through complexity...
More details.
Posted on Mon, 14 Sep 2020 00:00:00 +0000
How to build OpenSSL for Carthage iOS
This story is dedicated to fellow developers struggling with updating Carthage package with the latest OpenSSL for iOS and macOS apps. Here you will find the scripts, error messages, testing matrix, and our working solution for Themis to this no small feat...
More details.
Posted on Wed, 10 Jun 2020 00:00:00 +0000
OpenSSL for iOS: tricks of OpenSSL semver
OpenSSL complexity starts with its version string. Apple, Carthage, and some dependency analysis tools have different opinions about it. Here is how we dealt with them and submitted iOS app to the App Store...
More details.
Posted on Wed, 10 Jun 2020 00:00:00 +0000
PII Encryption Requirements. Cheatsheet
This article was initially published on November 2018, then reviewed and updated with the information regarding CCPA on April 2020.
We frequently see how regulatory requirements are mapped onto real-world demands during the integration of our tools and security consulting projects...
More details.
Posted on Thu, 02 Apr 2020 00:00:00 +0000
Lift & Shift: cloud security strategy
Intro # When companies move their infrastructures into the cloud, provisioning resources and configuring them to emulate their initial infrastructure — a practice called “lift and shift” — or migrate the existing solutions from one platform to another, something inevitably migrates together with all the code and assets: their security assumptions ...
More details.
Posted on Wed, 20 Nov 2019 00:00:00 +0000
How to prepare for data security issues
Understanding data security issues # The first thing that comes to mind when one thinks about security issues is typically some poorly written code that is prone to RCE, XSS, and similar attacks. But hardly anyone deliberately sets out with “I’m going to write some really bad, vulnerable code today!” intent in mind...
More details.
Posted on Mon, 28 Oct 2019 00:00:00 +0000
Implementing End-to-End encryption in Bear App
Bear with us! 🐻 # The latest release of a popular note-taking app Bear contains a new feature — end-to-end encryption of user notes. Cossack Labs team worked closely with the amazing Bear team to help deliver this feature...
More details.
Posted on Thu, 05 Sep 2019 00:00:00 +0000
Secure search over encrypted data
More and more data is outsourced to remote (cloud) storage providers fuelled by “software as a service” trends in enterprise computing. Data owners want to be certain that their data is safe against thefts by outsiders, internal threats, and untrusted service providers alike...
More details.
Posted on Tue, 23 Jul 2019 00:00:00 +0000
Install Acra 1-Click App through DigitalOcean Marketplace
Cossack Labs has recently joined the DigitalOcean Marketplace family following our mission to make high-end security tools available to the general developer audience in a convenient fashion. Acra encryption suite is one of the first data security and encryption tools on DigitalOcean Marketplace and it is now available as 1-Click App running in DigitalOcean Droplet ...
More details.
Posted on Tue, 07 May 2019 00:00:00 +0000
Acra on DigitalOcean Marketplace
We always strive to make high-end security tools available to general developer audience in a convenient fashion. Only by making data security accessible, we can ensure real security of sensitive data everywhere...
More details.
Posted on Tue, 16 Apr 2019 00:00:00 +0000
Defense in depth security strategy based on data encryption
Intro # Any set of security controls deployed in your infrastructure may fail. Given enough pressure, some controls will certainly fail. No surprises here, but the question is – how to build our systems to make security incidents less damaging in case of a failure of some components? How to prevent data leaks even in case of a successful data breach?
Building security tools , we strive towards defense in depth approach...
More details.
Posted on Thu, 04 Apr 2019 00:00:00 +0000
How to build an SQL Firewall
Building AcraCensor transparent SQL firewall There are two main ways to mitigate SQL injections: inside the app (using prepared statements, stored procedures, escaping) and outside the app (using Web Application Firewalls or SQL firewalls)...
More details.
Posted on Tue, 05 Mar 2019 00:00:00 +0000
How to prevent SQL injections when WAF’s not enough
Can WAF prevent SQL injection? What is the biggest threat to a tool that prevents unauthorised database access? Requests from the application side that trigger data leakage. Namely, SQL injections and other application attacks that allow attackers to craft custom SQL queries...
More details.
Posted on Wed, 13 Feb 2019 00:00:00 +0000
Blockchain & GDPR: dos and don’ts while achieving compliance
On blockchain and GDPR As cryptographers who develop data security tools that heavily involve cryptography (surprise surprise), we get asked a lot of questions about “crypto”. Unfortunately, not “cryptozoology”* crypto, but neither it is cryptography...
More details.
Posted on Tue, 22 Jan 2019 00:00:00 +0000
Thank You for Contributing and Using Themis in 2018
We believe that everyone should be able to create secure applications and protect users’ privacy. That’s why our main cryptographic components are open source and developer-friendly. But open-source would be nothing without external contributions and feedback from users...
More details.
Posted on Thu, 20 Dec 2018 00:00:00 +0000
Hiring External Security Team: What You Need to Know
In our company, we’ve succeeded in clearly articulating the deliverables of our products and consulting projects. Building a network of great partners and delegating the work out of range of our primary competencies to them helps both parties concentrate on what’s we’re best at...
More details.
Posted on Tue, 27 Nov 2018 00:00:00 +0000
How to Implement Tracing in a Modern Distributed Application
Distributed tracing is incredibly helpful during the integration and optimisation of microservice-rich software. Before implementing tracing as a publicly available feature in the latest version of Acra, we did a small research to catch up with current industry standards in tracing protocols and tools...
More details.
Posted on Thu, 22 Nov 2018 00:00:00 +0000
GDPR for software developers: implementing rights and security demands
A methodical software developer’s perspective on mapping privacy regulations to changes in the database structure, updates in DevOps practices, backups, and restricted processing.
GDPR and software development After 2 years of fearful anticipation, GDPR is finally here, in full effect starting with May 25, 2018...
More details.
Posted on Thu, 20 Sep 2018 00:00:00 +0000
Poison Records in Acra – Database Honeypots for Intrusion Detection
Poison Records in Acra Intro When naming our special type of data containers created for raising an alarm within Acra-powered infrastructures, we were sure we’ve seen the term “poison records” used elsewhere in the same context...
More details.
Posted on Thu, 16 Aug 2018 00:00:00 +0000
Social Events of Spring-Summer 2018 for Cossack Labs
Late April throughout late June of 2018 was quite a hot time for the Cossack Labs team as we were actively developing our products, releasing feature after feature for Acra and Themis and also participated, spoken at, and hosted a number of conferences, meetups, and workshops...
More details.
Posted on Fri, 13 Jul 2018 00:00:00 +0000
How to reduce Docker image size (Example)
Need for Docker image reducing To provide convenient delivery and faster deployment of our tools, just like everybody else − we use Docker. This article describes our experience of using containers for distribution of our product Acra (database encryption suite) and focuses on the method we used to reduce the size of Docker images approximately by 62-64 times...
More details.
Posted on Tue, 29 May 2018 00:00:00 +0000
Moving to OpenSSL 1.1.0 — How We Did It
This article was published in 2018 about R&D work, which resulted in stable production release of Themis that now uses OpenSSL 1.1.1g
If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of OpenSSL...
More details.
Posted on Mon, 09 Apr 2018 00:00:00 +0000
2017 at Cossack Labs
Stats This was an eventful year for Cossack Labs! According to our GitHub stats, in 2017 we:
made 1200 commits into master branches;
merged 260 PRs;
accumulated 444 new stars.
Products and releases We picked a weird, but hopefully auspicious habit of releasing stuff on holidays or 13th days of the month (preferably Fridays :) or Mercury retrograde periods:
Acra Acra’s public release took place on the 8th of March...
More details.
Posted on Fri, 29 Dec 2017 00:00:00 +0000
Happy Holidays from Cossack Labs!
Season’s greetings and all kinds of good things in the New Year!
– With 🔒 from Cossack Labs!
More details.
Posted on Mon, 25 Dec 2017 00:00:00 +0000
Auditable Macros in C Code
Intro Like death and taxes, one thing that you can be sure of is that using C macros in a modern software project will cause a debate. While for some macros remain a convenient and efficient way of achieving particular programming goals, for others they are opaque, introduce the unnecessary risk of coding errors, and reduce readability...
More details.
Posted on Thu, 23 Nov 2017 00:00:00 +0000
Replacing OpenSSL with Libsodium
This article was published in 2017 about R&D work, which resulted in stable production release of Themis.
Intro In our ongoing effort to make Themis work with different cryptographic backends, we've decided to try something more challenging than just displacing similar primitives...
More details.
Posted on Thu, 21 Sep 2017 00:00:00 +0000
Replacing OpenSSL with BoringSSL in a Complex Multi-Platform Layout
This article was published in 2017 about R&D work, which resulted in stable production release of Themis that uses BoringSSL as one of crypto-engines.
If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of BoringSSL...
More details.
Posted on Tue, 11 Jul 2017 00:00:00 +0000
Importing with ctypes in Python: fighting overflows
Introduction On some cold winter night, we've decided to refactor a few examples and tests for Python wrapper in Themis, because things have to be not only efficient and useful, but elegant as well...
More details.
Posted on Mon, 06 Mar 2017 00:00:00 +0000
Plugging leaks in Go memory management
Intro As many of you know, Go is an amazing modern programming language with automated memory management. We love Go: we've used it to build Acra, our database encryption suite, we further use it to build other products...
More details.
Posted on Tue, 28 Feb 2017 00:00:00 +0000
2016 at Cossack Labs
Bright and full of new 2016 year insensibly came to an end. Writing good software is hard: absorbed in developing our main products, closed a testing round of Acra (all hail the braves who dedicated an immense amount of time giving us feedback), we’ve spent most of the year undercover...
More details.
Posted on Fri, 30 Dec 2016 00:00:00 +0000
13 tips to enhance database and infrastructure security
Article updated in 2019.
Previously in the series... Previously, we’ve talked about design patterns best practices in backend security, then about key management goals and techniques.
It is important to understand that database security evolved with system administration techniques and programming demands, with cryptography and access controls being complementary features, rather than cornerstones...
More details.
Posted on Tue, 13 Dec 2016 00:00:00 +0000
Why making Internet safe is everyone’s responsibility
Responsibility is yours, mine, and that developer's in the office nearby. Open any tech news aggregator and chances are, one-third of all news will be security-related. What we are seeing right now is insane raise of awareness to cyber security, dictated by security threats suddenly turning looming on the horizon to dangerously close to anybody on the Internet...
More details.
Posted on Wed, 26 Oct 2016 00:00:00 +0000
Key management in data security: fundamentals
Key management in security system Frequently overlooked, much less hyped than quantum computers breaking trapdoor functions, managing keys is actually the most important part of building a security system...
More details.
Posted on Wed, 21 Sep 2016 00:00:00 +0000
Backend security: design patterns best practices
This article was revisited and updated in August 2018.
In modern client-server applications, most of the sensitive data is stored (and consequently leaked) on the backend. At Cossack Labs, we’re working on novel techniques to protect the data within modern infrastructures...
More details.
Posted on Mon, 15 Aug 2016 00:00:00 +0000
Zero Knowledge Protocols without magic
When we’ve first released Secure Comparator to use in our Themis crypto library and started talking about novel authentication concepts, we’ve encountered a few common misconceptions and plenty of magical thinking about Zero-Knowledge Proofs as a phenomenon...
More details.
Posted on Wed, 27 Jul 2016 00:00:00 +0000
Perimeter security: avoiding disappointment, shame and despair
Perimeter security: looking back Over the years, the Internet has evolved, and complex systems facing the Internet have evolved too.
Traditional security methodology to defend these systems was to build strong walls around your most valuable assets: build a castle and hope it stands against the external adversary...
More details.
Posted on Wed, 20 Jul 2016 00:00:00 +0000
Choose your Android crypto (Infographic)
Why do I even need to choose? Warning: This article borrows a lot from our original Choose your iOS Crypto publication, so if you've read that one, feel free to skip ahead to the libraries and ending notes about the actual Android specificities...
More details.
Posted on Mon, 23 May 2016 00:00:00 +0000
Building Sesto, in-browser password manager
Intro: what is Sesto Sesto (abbreviation for Secret Store) is open source passwords (and general secrets) manager for web.
What sets Sesto apart from many other password managers is:
it's web password manager, e...
More details.
Posted on Thu, 21 Apr 2016 00:00:00 +0000
Benchmarking Secure Comparator
When we conceived Secure Comparator, we saw that it is going to be slightly slower than existing authentication methods, because:
SMP requires much more rounds of data exchange
each round involves expensive calculations
our modification of ed25519 implementation involves blinding to avoid timing attacks, which makes overall performance even slower
This is a consequence of different demands and different security guarantees Secure Comparator gives: let systems with zero shared information exchange requests to data, where request data itself is a leakage...
More details.
Posted on Thu, 07 Apr 2016 00:00:00 +0000
Crypto in iOS: Choose your destiny (Infographic)
Why do I even need to choose? When building your next app, you might realize that you need to encrypt the data. There are two main reasons for that:
The need to transmit sensitive data to server and back;
The need to store sensitive data...
More details.
Posted on Wed, 30 Mar 2016 00:00:00 +0000
Building secure end-to-end webchat with Themis
Intro While developing components of our products, we love to explore use cases and usability through creating real-world test stands.
0fc is a side-product of WebThemis research: while doing some protocol design for front-end clients with WebThemis services, we wanted to try it in a real-world situation...
More details.
Posted on Thu, 17 Mar 2016 00:00:00 +0000
Building LibreSSL for PNaCl
Intro While building WebThemis, we've encountered the need to build LibreSSL for PNaCl as a source of cryptographic primitives.
The problem? LibreSSL has huge codebase with a lot of complicated code, that won't build on new platform out of the box...
More details.
Posted on Mon, 14 Mar 2016 00:00:00 +0000
Building and Using Themis in PNaCl
Intro Native Client (NaCl) allows browser applications to launch a native low-level code in an isolated environment. Thanks to this, some code, performance code parts can be rewritten in C or C++ easily...
More details.
Posted on Tue, 08 Mar 2016 00:00:00 +0000
What's wrong with Web Cryptography
Introduction Building full stack of cryptographic protection for modern applications includes working with the modern web browser, of course.
However, through 20+ years of history of web browsers, we're at the stage where in-browser cryptography is still problematic, and best you can rely on is SSL...
More details.
Posted on Thu, 03 Mar 2016 00:00:00 +0000
Fixing Secure Comparator
Introduction The idea behind Socialist Millionaire Protocol is to provide definite answer to the question whether two communicating parties possess the same secret or not in a secure (zero-knowledge) manner...
More details.
Posted on Thu, 11 Feb 2016 00:00:00 +0000
Introducing Secure Comparator
A word to pass Passwords are the ultimate keepers of security, extensively used in the 21st century's Internet. As more and more aspects of our lives become accessible online, the importance of keeping your passwords secure becomes crucial, because anybody knowing the password may access your accounts...
More details.
Posted on Wed, 09 Dec 2015 00:00:00 +0000
Why we need novel authentication schemes?
Introduction: A Word To Pass Before introducing our novel request authentication scheme in Themis, we’ve decided to create an overview of the existing methods of authentication and try to look into what the future might bring us...
More details.
Posted on Thu, 26 Nov 2015 00:00:00 +0000
WeakDH/LogJam vs Secure Session
Intro After LogJam vulnerability was published, and then the WeakDH paper (Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice) was published, we were asked a few times: since Secure Session uses Diffie-Hellman key negotiation, is prone to the same attacks?
We wrote this small note to explain why we are safe from such attacks, and how generally decisions about such important security features are being done for the open source Themis crypto library...
More details.
Posted on Fri, 20 Nov 2015 00:00:00 +0000
Armoring ed25519 to meet extended security challenges
This article was revisited and updated in October 2018.
Introduction We strive to use the best state-of-the-art cryptography for our library Themis. So when we wanted to implement an important novel feature Secure Comparator (that includes the so-called "Socialist Millionaire Protocol"), we needed to replace the prime-field modular arithmetic with something stronger...
More details.
Posted on Wed, 18 Nov 2015 00:00:00 +0000
Why you should avoid SSL for your next application
Introduction 2018 update: This article was 4 years old, and even then presented disputable opinion. Many things have changed since then, we're having TLS 1.3, which eliminates a number of cryptographic concerns and enforces correct uses...
More details.
Posted on Wed, 28 Oct 2015 00:00:00 +0000
Building encrypted chat service with Themis and mobile websocket example
Introduction Imagine you'd like to build your own chat server, which allows clients to exchange messages safely. You have a simple infrastructure consisting of a server written in Ruby and clients for iOS and Android...
More details.
Posted on Thu, 01 Oct 2015 00:00:00 +0000
Notes on adding cutting edge features
As we've stated in the past, the Themis library grew out of our own needs for a secure, efficient and convenient cryptographic library. While providing abstracted high-level services, Themis uses trusted, well established implementations of cryptographic primitives such as those provided by LibreSSL/OpenSSL or platform native cryptography providers...
More details.
Posted on Tue, 22 Sep 2015 00:00:00 +0000
Releasing Themis into public: usability testing
How we did usability testing for Themis when releasing the open source library into public.
When we were ready to release Themis, we've gathered a few colleagues and decided to make a test run on unsuspecting developers - how would the library blend into their workflows?
1...
More details.
Posted on Wed, 03 Jun 2015 00:00:00 +0000
Cybersecurity Professional Standards
Discover how unified cybersecurity professional standards and the UK Cyber Security Council are redefining trust, talent, and resilience in finance.
More details.
Posted on Tue, 29 Jul 2025 11:41:52 +0000
TLPT: Threat Led Penetration Testing Explained
Discover how TLPT (threat led penetration testing) helps organizations validate defenses against real-world cyber threats. Learn who needs threat led pentesting, what drives demand, and how it differs from red teaming and classic pentesting...
More details.
Posted on Fri, 20 Jun 2025 08:00:00 +0000
EUVD Vulnerability Database: Europe’s Answer to CVE Instability
The EUVD marks a strategic shift in vulnerability management, offering a transparent and sovereign alternative to the U.S.-centric CVE system—backed by EU law.
More details.
Posted on Wed, 14 May 2025 09:11:06 +0000
Cyber Incident Response Tips for Small Businesses
Learn how small businesses can build cyber incident response plans by adapting practical strategies from the UK’s “Cyber Incident Grab Bag.”
More details.
Posted on Sat, 03 May 2025 14:06:58 +0000
CVE Under Threat: What You Need to Know
MITRE’s CVE contract expired on April 16, putting global vulnerability tracking at risk. Learn what’s happening and how the security community is responding.
More details.
Posted on Wed, 16 Apr 2025 15:01:36 +0000
Unforgivable Software Vulnerabilities
Some software vulnerabilities are unforgivable—easy to find, easy to fix, and never should’ve existed. Here’s how to spot and prevent them.
More details.
Posted on Fri, 04 Apr 2025 14:27:14 +0000
Preventing Crypto Exchange Hacks: Lessons from Bybit Heist
Bybit lost $1.4B in a North Korean hack via malware, fake UI, and blind signing. Learn key security strategies to protect exchanges from cyber threats!
More details.
Posted on Wed, 26 Feb 2025 09:27:46 +0000
Cyber Defense Using Cyber Kill Chain and MITRE ATT&CK Explained
Learn how the Cyber Kill Chain and MITRE ATT&CK Framework enhance security by identifying, detecting, and responding to cyber threats effectively.
More details.
Posted on Thu, 06 Feb 2025 13:41:48 +0000
The Future of Authentication: Passkeys vs Passwords and 2FA
Passkeys replace passwords with secure, easy logins using biometrics and cryptography, eliminating phishing, breaches, and 2FA issues.
More details.
Posted on Wed, 22 Jan 2025 09:22:47 +0000
Lessons from 2024’s Worst Cyberattacks and How to Stay Secure
Analyzing 2024’s biggest cyberattacks: breaches, vulnerabilities exploited, and actionable steps to strengthen defenses for 2025.
More details.
Posted on Mon, 13 Jan 2025 21:47:29 +0000
What we do and what we offer.
About penetration tests and about our news.
