Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Leaky Vessels: Docker and runc container breakout vulnerabilities (January 2024)

Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four vulnerabilities — dubbed "Leaky Vessels" — in core container infrastructure components that allow container escapes. An attacker could use these container escapes to gain unauthorized access to the underlying host operating system from within the container.

How to generate a software bill of materials

The complexity of modern applications (think open source, proprietary and commercial code) makes the management of software supply chain security a business-critical effort. Robust software supply chain security requires a thorough understanding of your organization’s software components - complete visibility into the makeup of your code - best achieved with a Software Bill of Materials (SBOM).

What Is One-Time Share and What Are Its Benefits?

One-Time Share is a feature Keeper® Password Manager offers that allows users to securely share passwords and other sensitive data with anyone on a time-limited basis. When using One-Time Share, the recipient does not have to be a Keeper user themselves, making it convenient to securely share sensitive information with anyone. Continue reading to learn more about One-Time Share and the benefits of using this feature when sending sensitive logins and other data.

Troubleshooting DNS issues in Kubernetes: Investigate and reduce NXDOMAIN (domain does not exist) responses

NXDOMAIN, indicating the non-existence of a queried domain, poses significant challenges within Kubernetes, impacting application functionality, service communication, and overall cluster stability. Investigating NXDOMAIN responses in Kubernetes is vital for sustaining reliability, performance, and security in a containerized environment.

Mortgage Lender Breached, 200k Exposed by LockBit's Citrix Bleed

Planet Home Lending (PHL) is a real estate and homeowner agency that assists consumers in finding and financing lasting homes. PHL has 20 locations, from California to Alabama and Spokane to New Orleans. Citrix Systems, a worldwide technology solutions provider, created one aspect of PHL’s network. In 2023, officials found Citrix to have a destructive vulnerability, which allowed cybercriminals to access the networks of Citrix clients.

Stopping Credential Stuffing Attacks: We Need to Do Better

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.

CSRF Attacks: Risk Analysis, Protection, and Anti-CSRF Tokens

Cross-Site Request Forgery (CSRF) remains a continuing threat, exposing user data and application integrity. However, with proactive measures like anti-CSRF tokens and additional defenses, you can protect your applications against CSRF attacks. Let’s delve into the depths of CSRF vulnerabilities and explore practical strategies to boost your web application security.

ITRC 2023 SMB Impact Report; Experts Predict Fraud Tsunamis in 2024 and Beyond

The Identity Theft Resource Center (ITRC) is a non-profit organization that minimizes and mitigates the risks of identity threats. Their role as a reputable security solution enables them to collect and analyze data from survey respondents; this report asked questions of small business (SMB) owners and employees to assess the state of identity threats better.

Security Insights: Jenkins CVE-2024-23897 RCE

The recent identification of CVE-2024-23897 in Jenkins versions up to 2.441 has significantly heightened concerns within the cybersecurity community, particularly focusing on the implications for public-facing Jenkins servers. Jenkins servers are important for many organizations as they are used in continuous integration/continuous deployment (CI/CD) pipelines, automating stages of software development and deployment.

How To Transform From Dev To DevOps - A Complete Guide

The skill gap is still a thing. Even though big players are making news headlines with ongoing global-scale layoffs – according to the 2023 Upskilling IT Report, almost 1/3 of IT organizations describe the lack of skilled resources as the biggest challenge for IT leaders. In many cases, the post-pandemic layoffs are the result of excessive hiring during the COVID period.