That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule is active, so it’s expected to catch something. But very few teams are consistently testing how all of this holds up when someone is actively trying to break through, step by step.
This is exactly the gap this webinar focuses on.
“Exposure-Driven Resilience: Automate Testing to Validate & Improve Your Security Posture” is a practical session built around one idea: stop guessing, start proving. Instead of relying on occasional testing or assumptions, it shows how to validate your security posture continuously using real attacker behavior.
Researchers have discovered a major security leak hiding in plain sight on the internet that could expose the personal data and financial records of millions of people. In a paper published on the arXiv preprint server, Nurullah Demir of Stanford University and colleagues analyzed 10 million websites to see how often API (application programming interface) credentials are exposed. These are digital keys or tokens that enable different software programs to communicate and are often used to process bank payments and access cloud storage.
The team used a huge database called the HTTP Archive, which tracks how millions of real websites work. They looked at live, running versions of sites to monitor how data is processed as pages load.
By examining the websites while they were active, the researchers identified API credentials that appear only when a user visits a site. These credentials are specific strings of text that a website uses to identify itself to services like banks or cloud providers.
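The kind of check described above, as an added illustration that is not the paper's tooling and makes no claim about the authors' method: the scanner below takes the documents a page pulled in at load time (the HTML plus a fetched script), matches a few well-known credential formats (the AWS access key ID prefix `AKIA`, Stripe `sk_live_` secret keys and `pk_live_` publishable keys), and then falls back to a generic "looks like a secret assignment" pattern filtered by Shannon entropy so that placeholders such as `REPLACE_ME` are not reported. The pattern list, the entropy threshold, and the sample page contents are assumptions chosen for the example; the AWS values are the example credentials from AWS's own documentation, and the Stripe strings are made up.

```python
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of what a page delivers once it is loaded: the HTML with an
# inline script, plus a script fetched during load. All values are made up for
# this example (the AWS pair is the documented AWS example credential).
SAMPLE_PAGE = """
<script>
  window.STRIPE_PUBLISHABLE = "pk_live_9Zq3Lm7Vt1Rx5Fk2Hw8Jd0Pn4S";
  // leaked by mistake: a server-side key shipped to the browser
  const stripeSecret = "sk_live_51H8xQk2Fj7Lm0pVq3Rt9Ws1Xy";
  fetch("https://api.example.com/v1/charge", {headers: {Authorization: "Bearer " + stripeSecret}});
</script>
<script src="/static/config.js"></script>
"""
SAMPLE_CONFIG_JS = """
var AWS_CONFIG = { accessKeyId: "AKIAIOSFODNN7EXAMPLE", secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" };
var apiKey = "REPLACE_ME_REPLACE_ME_REPLACE_ME";
"""


@dataclass(frozen=True)
class Finding:
    kind: str       # which pattern fired
    value: str      # the matched credential string
    severity: str   # "high" for secrets, "info" for keys that are public by design
    source: str     # document the value was seen in


# Assumed formats: AWS access key IDs are "AKIA" + 16 upper-case alphanumerics;
# Stripe live keys are "sk_live_"/"pk_live_" followed by 24+ alphanumerics.
SPECIFIC_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "high"),
    ("stripe_secret_key", re.compile(r"\bsk_live_[0-9a-zA-Z]{24,}\b"), "high"),
    ("stripe_publishable_key", re.compile(r"\bpk_live_[0-9a-zA-Z]{24,}\b"), "info"),
]

# Generic fallback: an identifier containing secret/token/apikey/password assigned
# a quoted literal of at least 16 characters. Group 1 is the keyword, group 2 the value.
GENERIC_ASSIGNMENT = re.compile(
    r'(?i)\b\w*(secret|token|api[_-]?key|password)\w*\s*[:=]\s*["\']([^"\'\s]{16,})["\']'
)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking keys score well above 3.5."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_document(text: str, source: str, min_entropy: float = 3.5) -> list[Finding]:
    """Run the specific patterns first, then the entropy-filtered generic pattern."""
    findings: list[Finding] = []
    seen: set[str] = set()
    for kind, pattern, severity in SPECIFIC_PATTERNS:
        for m in pattern.finditer(text):
            if m.group(0) not in seen:
                seen.add(m.group(0))
                findings.append(Finding(kind, m.group(0), severity, source))
    for m in GENERIC_ASSIGNMENT.finditer(text):
        value = m.group(2)
        if value in seen:
            continue  # already reported by a specific pattern
        if shannon_entropy(value) < min_entropy:
            continue  # low-entropy placeholder such as REPLACE_ME, not a real key
        seen.add(value)
        findings.append(Finding("generic_high_entropy_secret", value, "high", source))
    return findings


def scan_page(documents: dict[str, str]) -> list[Finding]:
    """Scan every document a page pulled in at load time, keyed by its URL or name."""
    out: list[Finding] = []
    for source, text in documents.items():
        out.extend(scan_document(text, source))
    return out


if __name__ == "__main__":
    for f in scan_page({"index.html": SAMPLE_PAGE, "config.js": SAMPLE_CONFIG_JS}):
        print(f"[{f.severity}] {f.kind} in {f.source}: {f.value}")
```

The publishable Stripe key is reported at informational severity only: it is meant to be embedded in client-side code, and a scanner that does not separate it from the `sk_live_` secret beside it produces noise that buries the real leak. The entropy gate is what keeps the generic pattern usable at the scale the study describes; without it every `apiKey = "..."` placeholder on ten million sites would be a hit.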
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks.
The developer collaboration platform says that the move is meant to uncover security issues “in areas that are difficult to support with traditional static analysis alone.”
CodeQL will continue to provide deep semantic analysis for supported languages, while AI detections will provide broader coverage for Shell/Bash, Dockerfiles, Terraform, PHP, and other ecosystems.
Attacks leveraging the ‘PolyShell’ vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores.
According to eCommerce security company Sansec, hackers started exploiting the critical PolyShell issue en masse last week, just two days after public disclosure.
“Mass exploitation of PolyShell started on March 19th, and Sansec has now found PolyShell attacks on 56.7% of all vulnerable stores,” Sansec says.
A tiny crystal chip which uses terahertz radiation to see clearly through a wide range of materials could find applications in health care, biological research, and security screening. Researchers from Scotland and Japan have developed a lightweight superconducting chip, which they say could unlock the full potential of terahertz imaging technologies and lead to the development of more powerful and portable devices.
The team’s paper, titled “Terahertz Imaging System with On-Chip Superconducting Josephson Plasma Emitters for Nondestructive Testing,” is published in IEEE Transactions on Applied Superconductivity.
Terahertz radiation lies between the microwave and infrared frequencies of the electromagnetic spectrum. It passes easily and harmlessly through a wide range of materials, and can be used to identify the characteristic “fingerprint” of molecules and biological materials as it does so, allowing them to be detected and analyzed.
A newly disclosed vulnerability dubbed ‘PolyShell’ affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover.
There are no signs of the issue being actively exploited in the wild, but eCommerce security company Sansec warns that “the exploit method is circulating already” and expects automated attacks to start soon.
Adobe has released a fix, but it is only available in the second alpha release for version 2.4.9, leaving production versions vulnerable. Sansec says that Adobe offers a “sample web server configuration that would largely limit the fallout,” but most stores rely on a setup from their hosting provider.