Elastic Workflows is generally available in 9.4, bringing production-ready security automation with deeper case management integration, human-in-the-loop support, natural language authoring, and more.
( 22
min )
Red Canary's monthly roundup of upcoming security conferences and call for papers (CFP) submission deadlines May 2026
( 25
min )
Get actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early.
( 56
min )
Following your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger.
( 57
min )
Secure Microsoft 365 and the cloud it powers — one platform, one graph, complete context.
( 54
min )
Cloudfoxable started as a hands-on AWS security training tool. Now it's expanding. Bishop Fox has launched the first set of Azure challenges, giving security professionals a safe, intentionally misconfigured environment to explore identity-driven attack paths and privilege escalation in Azure.
( 7
min )
Elastic Security now lets analysts describe a threat behavior in plain language and receive a complete, validated Elasticsearch ES|QL detection rule in return, no query expertise required.
( 28
min )
Conversational Entity Analytics delivers Entity Analytics features as rich inline attachments and Canvas previews into Agent Builder, so you don’t have to leave the conversation.
Elastic Security 9.4 introduces skills, modular AI capabilities that teach the Elastic AI Agent how to detect, investigate, and hunt like a specialist. This is how they work, and why they matter for the SOC.
Detect and mitigate Copy Fail (CVE-2026-31431), an easily exploitable vulnerability in the Linux kernel that allows escalation from an unprivileged local user account to root access.
( 52
min )
.png)
Senior pentesters have a deeply refined intuition about what is vulnerable in an environment. The problem? That expertise is often siloed with an individual and trapped in their notes or Python scripts.
( 7
min )
Learn how to perform distributed, real-time Digital Forensics and Incident Response (DFIR) using Osquery and Elastic to investigate threats at scale without relying on disk imaging.
( 29
min )
Delivering enterprise-grade continuous AI-powered risk assessment to hundreds of customers through the combined power of Wiz and Anthropic
( 51
min )
When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it.
( 62
min )
Attackers can already find, connect to, and probe your exposed AI agent infrastructure. AIMap gives defenders that same visibility. Built by Bishop Fox, this open-source tool discovers, scores, and tests exposed AI endpoints so you can understand your real attack surface before someone else does.
( 9
min )
How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security
( 53
min )
Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud.
( 54
min )
Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain
( 54
min )
How Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility.
( 54
min )
The beta release of Mac threat prevention simplifies how Jamf admins can defend their Mac fleets.
( 7
min )
Hello! Yes, it's all a disaster again!
Let's get this party started:
0:00
0:12
1×
No comments today, so imagine this:
We wrote something that we find very funny,
Nobody else gets it,
But everyone humors us
Just like a typical watchTowr Labs
( 14
min )
Atomic Red Team’s new MCP server helps you test more, faster as you validate your detection coverage against MITRE ATT&CK techniques
( 29
min )
How to build HackingTeam's OS X implant in Xcode
( 42
min )
How reversing Apple's 'RootPipe' patch provided the means to secure TaskExplorer's XPC service
( 42
min )
Why BlockBlock needs a kext (hint: process monitoring), and how the kext was created
( 42
min )
Exploiting RootPipe on OS X 10.10.3
( 42
min )
Learn how to leverage Apple's new Endpoint Security Framework to create a comprehensive (user-mode) Process Monitor for macOS 10.15!
( 14
min )
How to remotely kernel-debug a OS X 10.11 VM
( 42
min )
A deeper dive into 'MacInstaller' and the adware it installs
( 42
min )
Details on bypassing Apple's original rootpipe patch
( 42
min )
Announcing the release of DHS; a tool to help detect (dylib) hijackers
( 42
min )
The website of a popular application was hacked, and the application trojaned with a new variant of osx/proton.
( 3
min )
Looks like somebody on the 'dark web' is offering 'Ransomware as a Service'...that's designed to infect Macs!
( 6
min )
Turns out that writing security tools is a great way to inadvertently uncover bugs in macOS. How about a crash in Apple's 'Security' framework ... that can't be good!?
( 7
min )
Analyzing code within the macOS kernel audit subsystem uncovered an exploitable heap overflow.
( 5
min )
Some undetected adware named "Mughthesec" is infecting Macs...let's check it out!
( 5
min )
Today is our 2nd birthday! Let's look at our past, present, and future.
( 2
min )
Reverse-engineering a 'Russian' implant reveals HackingTeam's code!?
( 9
min )
Analysis of OSX/Proton.B reveals some interesting tricks plus a command file that can be decrypted to reveal the malware's capabilities
( 10
min )
A new 'security' feature in macOS 10.13, is trivial to bypass.
( 5
min )
Turns out the innocuously named "Calendar 2" app, found on the official Mac App Store, was surreptitiously turning Mac into cryptocurrency miners!
( 4
min )
High Sierra suffered from a nasty bug (CVE-2017-7149) that afforded local attackers access to the contents of encrypted APFS volumes.
( 12
min )
The macOS kernel had an (intentional?) off-by-one bug that could trigger a kernel panic.
( 13
min )
Apple's 'fix' for a macOS kernel panic, fixes nothing and worse, introduces a new bug.
( 13
min )
Learn how to leverage Apple's new Endpoint Security Framework to create a comprehensive (user-mode) File Monitor for macOS 10.15!
( 10
min )
I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systems
( 12
min )
A massively popular iOS application turns out to be a government spy tool! Here, we analyze the app; decrypting its binary and studying its network traffic.
( 12
min )
A 0day logic flaw in Microsoft Excel leads to 'remote' code execution on macOS, via malicious macros.
( 6
min )
How we built an open-source, drop-in CI template that uses signal extraction and LLM reasoning to catch CI/CD abuse in GitHub Actions, GitLab CI, and Azure DevOps pipelines.
( 25
min )
Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server.
( 63
min )
We’re proud to announce that PortSwigger recently won the Overall Judges’ Award at the Northern Tech Awards 2026. The Northern Tech Awards are run by GP Bullhound, the tech advisory and investment fir
( 4
min )
Mac security updates lag due to legacy workflows. DDM enables faster patching, reducing vulnerability windows and manual effort for IT teams.
( 7
min )
The shift from static CVE scoring to risk-based prioritization signals a new era for Vulnerability Managers
( 52
min )
﷽
( 4
min )
How Elastic's InfoSec team built a monitoring pipeline for Claude Code and Claude Cowork using their native OTel export capabilities and Elastic's OTel ingestion infrastructure.
( 22
min )
A previously unknown 2005 cyber sabotage framework patches high-precision calculation software in memory to silently corrupt results.
( 45
min )
A previously unknown 2005 cyber sabotage framework patches high-precision calculation software in memory to silently corrupt results.
( 45
min )
Jamf Training marks 20 years of empowering IT professionals with hands-on learning, certifications, and evolving pathways to manage and secure Apple.
( 12
min )
Poisoned packages and pipeline perils in this month's edition of Intelligence Insights.
( 29
min )
Bishop Fox built a vulnerable MCP-based customer support tool and turned it into a security challenge. Explore how AI agents interact with tools, escalate privileges, and expose sensitive data. If you work with AI systems, this CTF shows exactly how these architectures fail in the real world.
( 10
min )
﷽
( 3
min )
Marc Rogers and Silas Cutler expose how cheap smart home devices conceal a shadow supply chain of shell companies, firmware flaws, and foreign data routing.
( 24
min )
Marc Rogers and Silas Cutler expose how cheap smart home devices conceal a shadow supply chain of shell companies, firmware flaws, and foreign data routing.
( 24
min )
SpecterOps has been named to OpenAI's inaugural Trusted Access for Cyber (TAC) cohort (alongside Nvidia, CrowdStrike, JPMorgan Chase, and Bank of America and others) giving verified defenders governed access to advanced AI models for legitimate security use cases.
The post SpecterOps Selected for OpenAI’s Trusted Access for Cyber Program appeared first on SpecterOps.
( 11
min )
Discover how granular, device-level content filtering gives K-12 IT teams the precision to protect students everywhere without blocking the tools teachers depend on.
( 7
min )
NIST just announced it's prioritizing CVE enrichment for government systems and deprioritizing everything else. For security teams that rely on NVD data, the gap is real. Here's what changed, why it's been coming for years, and what your team should do to stay ahead of the risk.
( 13
min )
Announcing new capabilities at Google Cloud Next that extend and deepen Wiz AI-APP coverage: From the first line of AI-generated code, across AI and agent studios, to the edge of the cloud
( 60
min )
When 500,000 Findings Hide 14 Real Threats Modern enterprises ingest vulnerability data from dozens of sources: endpoint detection and response platforms, vulnerability scanners, cloud security posture tools, container image scanners. A large organization can easily accumulate hundreds of thousands of individual findings. The standard response is to sort by CVSS score, filter for criticals, and […]
The post 500,000 Vulnerabilities, 14 That Matter: How Exploit Chain Analysis Cuts Through the Noise appeared first on Praetorian.
( 18
min )
TL;DR Introduction In my previous blog post, I wrote about finding your path into DFIR; how to get started, where to focus your time, and why curiosity and good fundamentals matter more than just chasing every certification. That is still true, but once you have been in the field for a while, you start to realise that getting into DFIR is only […]
The post AI can help in DFIR, but it cannot replace investigator judgement appeared first on Pen Test Partners.
( 10
min )
AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE.
( 56
min )
See your full Apigee architecture on the Wiz Security Graph, from API gateways and environments to every endpoint and its authorization scheme.
( 53
min )
Elastic Security Labs explores the ongoing arms race between LLM-driven reverse engineering and obfuscation.
( 67
min )
Jamf Threat Labs analyzes leaked source code of a Safari exploitation kit (DarkSword) and the impact of this disclosure on the mobile ecosystem.
( 12
min )
Extending Wiz Visibility with the Databricks Data & AI Platform
( 54
min )
Threat actors have moved upstream, and while security teams have focused on the code developers write, the systems that build and deliver that code have remained a blind spot.
( 58
min )
In Part 2 of the series, Weylon covers how to use ForceHound to visualize Salesforce attack paths in BloodHound CE, identify transitive privilege escalation, and legacy Connected App exposures.
The post Walking Through an Attack Path with ForceHound appeared first on NetSPI.
( 13
min )
Discover how ForceHound automates the collection of profiles, permission sets, and connected apps to reveal the true trust boundaries of your Salesforce organization.
The post Auditing Salesforce Permission Hierarchies with ForceHound appeared first on NetSPI.
( 18
min )
As AI applications introduce a new class of infrastructure resources, visibility into what your IaC creates, where it runs, and whether it has drifted has never been more critical.
( 56
min )
TL;DR: Google published a blog post with accompanying rainbow tables targeting the Data Encryption Standard (DES) key space. The tables enable recovery of the NT hash used to generate the ciphertexts in NTLMv1 responses. We’ll dive into the tables, the recovery process, and ideally demystify any lingering questions. Acknowledgements There are many previous works on […]
The post Into The Rainbow: Google’s NTLMv1 Rainbow Tables Explained in a Bit Too Much Detail appeared first on SpecterOps.
( 15
min )
Jamf's new Bring Your Own Key (BYOK) feature gives organizations in regulated industries complete control over their encryption keys to protect sensitive data across Jamf Pro and cloud-hosted services.
( 6
min )
Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase
( 55
min )
What Are Shadow Admins in AD? A common problem we encounter within many customer AD environments are accounts that, at first glance, may appear innocuous, but that actually have hidden administrative privileges equivalent to those of a domain administrator account. We call these accounts shadow admins. They represent one of the most persistent shadow admin […]
The post Shadow Admins in Active Directory: Hidden Privilege Paths Attackers Exploit appeared first on Praetorian.
( 14
min )
BloodHound Query Library - queries.bloodhound.io - update details: import custom query sources & shipping with three OpenGraph extension sources (Jamf, GitHub, Okta), multi-server support, new queries including mappings to PurpleKnight, upcoming deprecation of system_tags conditions, built-in Cypher cheat sheet, and more.
The post What’s New in the BloodHound Query Library: BYOL, OpenGraph, Multi-Server, and More appeared first on SpecterOps.
( 12
min )
Get cliff notes from our three-part deep dive into the 2026 Threat Detection Report and watch every episode, on demand now.
( 28
min )
Build resilient GitHub Actions workflows with lessons from recent attacks like TeamPCP and Axios.
( 69
min )
Introducing Dedicated Internet Gateway, a better way to route traffic. Available with Jamf for Mac and Jamf for Mobile.
( 5
min )
Automation helps small IT teams reduce manual work, improve consistency, strengthen security and support growing Apple fleets without adding headcount.
( 9
min )
When we introduced blueprints to Jamf Pro and Jamf School, we introduced more than a feature. It's Jamf's approach to delivering declarative device management (DDM) capabilities — and how we'll continue to ship new ones as Apple's framework evolves.
( 11
min )
It's possible to improve employee experience and productivity without compromising control. Learn how to reduce downtime, empower users and keep devices secure and compliant.
( 9
min )
Gain a unified view of AI application endpoints and DNS exposure across your environment, including which are protected by Cloudflare and which need to be secured
( 54
min )
Identify stale, duplicated, and inefficient data — and take action to shrink both your storage spend and exposure surface.
( 53
min )
Understanding and defending your GitHub Actions - from threat model to security controls.
( 61
min )
AI just crossed a threshold. Anthropic’s Claude Mythos can discover and chain vulnerabilities at scale—faster than teams can remediate. What does this mean for your security program, your providers, and your ability to keep up before attackers do?
( 10
min )
A new integration gives teams an easy way to update Zscaler Internet Access (ZIA) network policies using Red Canary response actions.
( 27
min )
Elastic Security Labs uncovers a novel social engineering campaign that abuses the popular note-taking application, Obsidian's legitimate community plugin ecosystem. The campaign, which we track as REF6598, targets individuals in the financial and cryptocurrency sectors through elaborate social engineering on LinkedIn and Telegram.
( 43
min )
MacBook Neo lowers the cost barrier to Mac adoption, creating a clear path from first device to enterprise scale. Learn how to start your Mac deployment with Apple tools and discover how to grow with Jamf.
( 9
min )
﷽
( 7
min )
BloodHound has moved fast and not all courses have kept up. If you create or maintain a course or training that includes BloodHound, now is a good time to review your materials. BloodHound Community Edition (BHCE) has continued to evolve rapidly, with v8.9 releasing just last week. There have been many updates that apply to […]
The post BloodHound Has Changed. Your Course Probably Hasn’t. appeared first on SpecterOps.
( 12
min )
Indirect prompt injection lets attackers bypass LLM supervisor agents by hiding malicious instructions in profile fields and contextual data. Learn how this attack works and how to defend against it.
The post Bypassing LLM Supervisor Agents Through Indirect Prompt Injection appeared first on Praetorian.
( 16
min )
TL;DR: Ghostwriter v6.3.0 makes day-to-day operations faster and more integrated, with a redesigned activity log that ties actions directly to evidence and terminal recordings, dramatically faster installs via published container images, and built-in writing QA through passive voice detection. Alongside it, Ghostwriter CLI v1.0.0 standardizes deployment and configuration workflows. Together, these changes reduce operational friction […]
The post Ghostwriter v6.3.0 and CLI v1.0.0: New Activity Logging, Faster Installs, and Better Writing QA appeared first on SpecterOps.
( 16
min )
Anthropic's new model can autonomously discover zero-days and develop working exploits. While access is currently limited to responsible actors, now is the time to strengthen response playbooks, reduce exposure, and incorporate AI into security programs.
( 61
min )
Keyloggers: A Persistent Threat Nowadays, virtually all digital services rely on logins and authentication, from email inboxes to help desks. These involve login credentials to prove identity, typically at least a username and a password. Initially, this information is confidential from a potential attacker. While a username can be relatively easy to guess in a … Continue reading Security’s Blind Spot: Physical Keyloggers That Bypass Antivirus Entirely →
( 16
min )
Cloud risk doesn’t live in a single permission, it lives in the relationships between them. Discover how Cirro maps hidden attack paths across Azure identities, resources, and data to reveal what attackers actually see.
( 11
min )
Insights from public incidents, cloud telemetry, and investigations into how cloud risk evolved in 2025
( 51
min )
Giving developers and security teams a shared view of application risk as it evolves.
( 52
min )
TL;DR Introduction There is a widely held belief that penetration testing Operational Technology networks is impossible. That simply connecting a laptop to a network will take down everything. That running nmap will take down a factory. That the only safe approach is to not test at all. This belief is wrong. Or rather, it is a massive […]
The post You can pen test OT networks without breaking them appeared first on Pen Test Partners.
( 11
min )
An overview of the Elastic Security and AI infrastructure deployed to support the UK Ministry of Defence's flagship cyber exercise, Defence Cyber Marvel 2026.
( 57
min )
RSA Conference 2026 highlighted how AI is reshaping security operations and introducing new risks while Mac and mobile adoption continues to accelerate in the enterprise — reinforcing the need for connected, identity-driven security platforms. Find out more.
( 9
min )
Bishop Fox researchers expanded on Fortinet's disclosure of CVE-2026-35616 by identifying the root cause via the released hotfix.
( 12
min )
More power for bug hunters An education-first approach to bug bounty Rewards on Meta's Bug Bounty Platform Our shared vision Ready to get started? We’re excited to announce a new partnership with Meta
( 3
min )
The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves. The Tipping Point One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of sovereign data. In December of 2025, a single unidentified operator used Anthropic’s Claude and OpenAI’s ChatGPT to breach the Mexican government agencies and a financial institution. […]
The post The Attack Helix: Praetorian Guard’s AI Architecture for Offensive Security appeared first on Praetorian.
( 21
min )
A trusted package turned into an attacker’s gateway overnight. The Axios supply chain breach shows how quickly risk can spread—and why security leaders must rethink trust in modern development.
( 7
min )
GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.
( 10
min )
GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.
( 10
min )
No content preview
( 7
min )
In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.
( 6
min )
No content preview
( 4
min )
What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.
( 5
min )
What are Hackbots and how are they impacting vulnerability discovery and the researcher community?
( 6
min )
The new DORA regulation: everything your organization needs to know about its impact and how to comply.
( 5
min )
The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […]
The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.
( 7
min )
Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […]
The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.
( 11
min )
The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […]
The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.
( 7
min )
One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […]
The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.
( 7
min )
