Throughout history, technology has been a catalyst for solving many civilizational problems. The advent of artificial intelligence (AI) presents an incredible opportunity to combat cybersecurity risks and bolster the defenses of organizational IT networks. The good news is that it’s already making an impact by reducing the average dwell time of cyber attacks by as much as 15%. But AI holds much more promise.

In 2024, we’ve committed to making 1Password more user-friendly, accessible, and intuitive, and that’s why today, we’re introducing recovery codes.

According to the CrowdStrike 2024 Global Threat Report, the fastest recorded eCrime breakout time was just 2 minutes and 7 seconds in 2023. This underscores the need to equip security analysts with modern tools that level the playing field and enable them to work more efficiently and effectively.

CVE-2024-32002 was published on May 15, 2024 and is affecting versions of Git SCM. The vulnerability exploits a bug where Git can be fooled into writing files into a.git/ directory instead of a submodule's worktree. To fully mitigate this vulnerability additional steps need to be taken beyond updates.

Businesses of all shapes and sizes can fall victim to data breaches. Unfortunately, even with the best privacy and security measures in place, hackers are continually becoming more skilled at beating them. A well designed and implemented data breach response plan is essential if businesses are to minimize the effect of data breaches and protect their reputation. Not only that, but they can reduce the financial damage to the business and better position the organization for recovery.

CodeSecDays provided an invaluable platform for the French AppSec community to come together, share insights, address challenges, and explore best practices for securing digital infrastructures. Here are the key highlights.

After our recent successes exploring WebSocket Hijacking vulnerabilities, we decided to expand this research project into other attacks that involve WebSockets. We started by looking at WebSocket smuggling attacks and expanded our scope to include HTTP response header injection attacks and potential novel impacts.

AI promises many advantages when it comes to application development. But it’s also giving threat actors plenty of advantages, too. It’s always important to remember that AI models can produce a lot of garbage that is really convincing—and so can attackers. “Dark” AI models can be used to purposely write malicious code, but in this blog, we’ll discuss three other distinct ways using AI models can lead to attacks.