Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by... Read more »

While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report... Read more »

Social engineering is a manipulative technique used by individuals or groups to deceive or manipulate others into divulging confidential or sensitive information, performing actions, or making decisions that are... Read more »

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The misconceptions preventing wider adoption of digital signatures In this Help Net Security interview,... Read more »

PallyCon has introduced a new feature called PallyCon DRM License Cipher, designed to address vulnerabilities in software-level DRM solutions. In today’s digital era, the protection of digital content is... Read more »

A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This... Read more »

North Korean threat actors are once again attempting to compromise security researchers’ machines by employing a zero-day exploit. The warning comes from Google’s own security researchers Clement Lecigne and... Read more »

Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS... Read more »

Microsoft addressed 33 CVEs in Windows 10 and 11 last month after nearly 3x that number in July. But despite the lull in CVEs, they did provide new security... Read more »