Is your system being used for crypto mining without your consent? This might sound unlikely to you, but it could be possible, and you won’t even know about it. Cryptojackers can find your unprotected or exposed servers to put malicious code or malware and use it for mining cryptocurrencies.

The Fireblocks Cryptography Research Team has developed MPC-BAM, a new two-party ECDSA MPC protocol that achieves an ideal balance among the three key efficiency metrics in cryptographic protocols: rounds, communication, and computation. Multi-party computation (MPC) cryptography protocols are critical for the decentralized finance (DeFi) ecosystem as they enhance security and privacy while allowing direct custody operations.

Modern adversaries are quiet. No longer reliant on clunky malware to breach their targets, they have adopted more subtle and effective methods to infiltrate businesses, move laterally and access critical applications, steal data, impersonate users and more. They are also gaining speed: The average eCrime breakout time, now just 62 minutes, has fallen in recent years as adversaries accelerate from initial intrusion to lateral movement.

An Internet Protocol (IP) address is a unique series of numbers that identifies your device on the internet or the network it’s connected to. IP is a set of rules that determines how data is formatted when sent through the internet or a local network. Therefore, an IP address allows information to be transmitted on a network and distinguishes between various devices on the internet. You will typically see an IP address as a set of four numbers ranging from 0 to 255, separated by periods.

The rapid evolution of the Internet of Things (IoT) and Operational Technology (OT) is transforming industries, especially in critical sectors like healthcare. While these innovations promise enhanced efficiency and connectivity, they also expose organisations to a broader and more complex cybersecurity threat landscape. With quantum computing on the horizon, the stakes have never been higher.

At the Device Authority Virtual Summit, Kaivan Karimi discussed how, as IoT and OT ecosystems grow more intertwined, especially within the automotive industry, the stakes in cybersecurity have never been higher. Connected vehicles, once a novel innovation, are now mission-critical infrastructure vulnerable to advanced threats.

APIs have become the backbone of modern digital ecosystems, powering everything from mobile apps to e-commerce platforms. However, as APIs grow in importance, they also become prime targets for malicious actors. Increasingly, bots are being weaponized to exploit vulnerabilities, overwhelm systems, and siphon sensitive data—all without triggering alarms until it’s too late.

It's not a new technique, but that doesn't mean that cybercriminals cannot make rich rewards from SEO poisoning. SEO poisoning is the dark art of manipulating search engines to ensure that malware-laced adverts and dangerous websites appear high on users' results - often impersonating legitimate businesses and organisations. But the simplest way of all to get a malicious website in front of a potential victim is to create a Google advertising account, and buy your way to the top of the search results.

In today’s rapidly interconnected digital environment, third-party APIs have become fundamental for enhancing functionality and enriching user experiences. However, as seen in recent incidents like the Kaiser data breach, these third-party integrations carry risks that, if unaddressed, can lead to significant security and privacy violations.

In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services.