attack trends

Insecure Deserialization Trend | March Attack Data | Contrast Security
Cyberattackers are shifting their strategy in attacking applications and focusing on one of the most dangerous tactics. For the fourth straight month, the number one tactic was insecure deserialization, aka untrusted deserialization ...

Behind the Attack: Account Takeover (ATO)
In this blog we explore the kill chain of a compromised mailbox, after a user has undergone an Account Takeover (ATO) attack.

Hackers Use Password-Protected OneNote Files to Spread Malware
In this blog, we explore a new attack in which threat actors exploit encrypted OneNote documents to deliver malware.

What Goes “App” Could Take You Down
Files "are like a box of chocolates, you never know what you're going to get". In this blog, we cover the risks of malicious file uploads to web apps and the best ...

There’s Nothing “Meta” About Phishing for Credentials
There’s a new sophisticated phishing campaign making its rounds that aims to trick Facebook users into giving scammers their account credentials and PII by leveraging validation processes to seem credible.

One for the Show, Two for the Money
Hundreds of legitimate websites are being used in two-step phishing attacks. Novel computer vision models can prevent them from reaching users' inboxes.

Behind the Attack: Paradies Clipper Malware
In this blog we cover a new underground Clipper malware that allows attackers to replace a victim's crypto wallet with their own.

Takeaways from the CircleCI Incident
Continuous integration and delivery platform CircleCI confirmed that a security incident occurred on January 04, 2023 and was caused by an infostealer being deployed on an employee’s laptop. Because the targeted employee ...