Technology can serve as a double-edged sword for women grappling with domestic abuse: while it has the potential to save lives, it also has the capacity to lay bare one's most intimate vulnerabilities. One such harrowing story comes from a survivor (which we will call Bridget to protect her anonymity), who faced a nightmare of cyberstalking, intimate image abuse (colloquially known as revenge porn), and relentless online harassment that lasted for years.

In the course of a major research rollout like my recent whitepaper on KEV vulnerabilities, I frequently end up doing some bit of analysis that doesn’t make it into the final doc. Usually, it is because I am dealing with limited space and attention spans, and I gotta stop sometime. The stuff that gets cut is usually not terribly compelling or surprising or is maybe more an artifact of the particular bias in our sample or is only interesting to a very small audience.

Paris is the place to be, hosting events like Vogue World and Tour de France. Unfortunately, where there’s a lot of people, there are plenty of scammers.

During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic Privilege Manager). This vulnerability allowed an unprivileged user to execute arbitrary code as SYSTEM. CyberArk responsibly disclosed this vulnerability to Delinea, including the exploit proof of concept (POC) code, as part of our commitment to contributing to the security community.

This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that use an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.

OpenSSH server is currently exposed to a dangerous vulnerability that, if exploited, could grant cybercriminals full system access without user interaction. This post provides an overview of CVE-2024-6387 and suggests remediation responses to mitigate its impact.

Today, most organizations and individuals use Linux and the Linux kernel with a “one-size-fits-all” approach. This differs from how Linux was used in the past–for example, 20 years ago, many users would compile their kernel and modify it to fit their specific needs, architectures and use cases. This is no longer the case, as one-size-fits-all has become good enough. But, like anything in life, “good enough” is not the best you can get.

OpenShift, Red Hat’s enterprise-grade Kubernetes platform, has become the cornerstone for organizations embracing containerization. Its ability to streamline application development, deployment, and scaling across hybrid and multi-cloud environments is undeniable. However, successful OpenShift deployment is far from a walk in the park. The intricacies of container orchestration, data management, and maintaining high availability can quickly overwhelm even experienced IT teams.

Government agencies worldwide are entrusted with safeguarding sensitive data and facilitating seamless operations across various critical infrastructure sectors. However, this pivotal role puts them in threat actors’ sights – from cybercriminals to politically motivated entities to state-sponsored actors from other parts of the world.

Cybersecurity Maturity Model Certification (CMMC) is a comprehensive program to enforce conformance with the NIST 800-171 security controls for non-government organizations handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The program has a three tiered requirements structure based on the nature and sensitivity of information an organization handles.