GitLab has released a new series of updates to address critical security flaws in its software development platform. Among these, a severe vulnerability tracked as CVE-2024-6385 has been identified, allowing attackers to run pipeline jobs as arbitrary users. This blog will detail the nature of these vulnerabilities, their impact, and the steps GitLab has taken to mitigate them. Critical Vulnerability: CVE-2024-6385.

Russian state-sponsored media organization RT has been using AI-powered software to generate realistic social media personas and spread disinformation for the past two years. This sophisticated tool, known as Meliorator, has been employed to target multiple countries, including the US, Poland, Germany, the Netherlands, Spain, Ukraine, and Israel. Meliorator's Capabilities.

A large-scale fraud operation, dubbed "Ticket Heist," is exploiting over 700 domain names to sell fake tickets for the upcoming Summer Olympics in Paris. This campaign, which appears to predominantly target Russian-speaking users, extends beyond the Olympics to other major sports and music events, posing a significant risk to potential ticket buyers. Details of the Ticket Heist Campaign.

Sometimes, we need to escape the reality of the real world and detach from reality. In this world centered around technology, fewer people are relaxing by candlelight with a good book, and more are choosing to substitute the physical world by bringing in elements from augmented reality. Unfortunately, the privacy issues we face in the real world from companies are still present in augmented reality.

Business leaders often see security as an insurance policy – a box that CISOs need to tick just in case the organization comes under attack. This make it difficult for InfoSec decision makers to justify the cost of upgrading defenses. After all, we already ticked that box – right? But when it comes to automated attacks, it’s not a matter of “if” bots will target your business. It’s not even a question of “when”.

In today's increasingly digital world, where businesses rely heavily on technology for core operations, the European Union's Digital Operational Resilience Act (DORA) establishes a comprehensive framework to manage Information and Communication Technology (ICT) related risks and ensure business continuity for financial institutions and critical service providers.

A password manager is a solution that helps users securely store, manage and share their login credentials. Some password managers also aid in securely storing additional data such as passkeys, documents, files and images. You may be familiar with browser-based password managers, which are the ones built into your browser. Or if you’re an iPhone user, you may be more familiar with the password manager built into your phone called iCloud Keychain.

Pretexting is a type of social engineering attack in which the scammer manipulates their target into sharing private information or sending money by making up a story. Pretexting can occur on the phone, via text message, through email or in person. The goal of pretexting scams is typically to infect your device with malware, steal your money, breach private data and more.

Over the last twelve months, the Internet security landscape has changed dramatically. Geopolitical uncertainty, coupled with an active 2024 voting season in many countries across the world, has led to a substantial increase in malicious traffic activity across the Internet. In this report, we take a look at Cloudflare’s perspective on Internet application security. This report is the fourth edition of our Application Security Report and is an official update to our Q2 2023 report.

Mobile devices have become so integral to both business and personal lives that it is difficult to imagine a life without them. There’s more attack surface area as a result, and it’s IT’s job to mitigate the risk of cyberattacks. Insider threats are often involved, because employees and their devices can be one of the weakest links in the security chain.