Latest News

Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is

Fortinet and Mandiant investigated the mass exploitation of FortiManager devices via CVE-2024-47575, impacting 50+ systems across industries. Threat…

Artificial Intelligence (AI) has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI-based attacks are not just theoretical threats—they're happening across industries and outpacing traditional defense mechanisms.  The solution, however, is not futuristic. It turns out a properly designed identity security platform is able to deliver defenses

The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies – Avaya, Check Point, Mimecast, and Unisys – are being penalized for how they handled the disclosure process in the aftermath of

The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising. "The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral analysis and targeted advertising of users who have created LinkedIn profiles (members)," the Data

Blockchain, known for its role in cybersecurity, fintech, and cryptocurrencies, raises the question: Is it secure? Absolutely! With…

With the planned release of Red Hat Enterprise Linux (RHEL) 10 in 2025, the PKCS #12 (Public-Key Cryptography Standards #12) files created in FIPS mode now use Federal Information Processing Standard (FIPS) cryptography by default. In other words, PKCS #12 files allow for backup or easy transfer of keying material between RHEL systems using FIPS approved algorithms.What are PKCS #12 files?PKCS #12 is currently defined by RFC 7292 and is a format for storing and transferring private keys, certificates, and miscellaneous secrets. Typically, PKCS #12 is used for transferring private RSA, EdDSA, o

### Issue Snowflake recently learned about and remediated a set of vulnerabilities in the Snowflake Connector for Python. Under specific conditions, certain users credentials (or portions of those credentials) were logged locally by the Connector to the users own systems. The credentials were not logged by Snowflake. These vulnerabilities affect versions up to and including 3.12.2. Snowflake fixed the issue in version 3.12.3. ### Vulnerability Details When the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes (when specified via the “passcode” parameter) and Azure SAS tokens. Additionally, the [SecretDetector](https://docs.snowflake.com/en/developer-guide/python-connector/python-connector-example#logging) logging formatter, if enabled, contained bugs which caused it to not fully redact JWT tokens and certain private key formats. ### Solution Snowflake released version 3.12.3 of the Snowflake Connector for Python, which fixes these issues. We r...

Vulnhuntr is a Python static code analyzer that uses Claude AI to find and explain complex, multistep vulnerabilities.

Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.