Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CrowdStrike has been recognized as a Leader and Fast Mover in the 2024 GigaOm Radar for Container Security, marking another milestone in our mission to secure the cloud with the industry's most unified and comprehensive cloud security solution. Kubernetes has become the fastest-growing project in the history of open-source software — more than 60% of enterprises have adopted it.

An email phishing campaign is targeting popular YouTube creators with phony collaboration offers, according to researchers at CloudSEK. The emails contain OneDrive links designed to trick users into installing malware. “The malware is hidden within attachments such as Word documents, PDFs, or Excel files, often masquerading as promotional materials, contracts, or business proposals,” the researchers explain.

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data. Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report.

On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications.

The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.

Windows PowerShell and command prompt (CMD) are both essential command-line interface tools for Windows administrators, allowing them to execute commands, manage system processes and automate administrative tasks. While CMD has been a foundational component of Windows since the MS-DOS era, PowerShell has emerged as a more advanced and powerful scripting language, enhancing system management and automation capabilities.

On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will show why we believe that it is almost impossible to exploit this vulnerability to achieve remote code execution in any real-world setup.

No matter your industry, the end-of-year holiday season is typically a busy time. Unfortunately, it’s also a busy time for cyber criminals. Enterprise organizations are particularly vulnerable to modern data breaches and other attacks during the holidays, which means you must be especially vigilant about guarding against them.