Microsoft documents a novel authentication bypass technique used by russian Cozy Bear threat actor group.

With destructive cyber attacks at an all time high, pressures for regulation are following suit. But don't expect too much.

Implications for threat hunters: update of replication rules is a clue that data exfiltration may silently be occurring in the environment.

Legitimate SaaS platforms are increasingly used for phishing links distribution, a relatively novel evasion technique.

Heavily digitized healthcare is especially at risk since it contains so much sensitive data, including patient records.

Mixed messages from the new GitLab DevSecOps Survey 2022: toolchain sprawl and limited budgets, but also wider usage of SAST and DAST tools.

The new Postman annual State of the API Report highlights the risks of programmatic integration via APIs

From pass-the-cookie attacks to adversary-in-the-middle (AiTM) schemes, bypassing MFA is becoming more frequent. There are ways to defend.

And a sharp rise in wiper malware - notes from the new FortiGuard Labs report covering the first 6 months of 2022.