Cybersecurity Landscape

Cloudflare mitigated the largest HTTPS DDoS attack ever recorded at 26 million requests per second. The Mantis botnet represents a new generation of volumetric threats.

Heroku’s OAuth token breach exposes the fragile trust chain in platform-as-a-service dependencies and what it means for developers.

The Lapsus$ hacking group has breached both Okta and Microsoft, exposing critical weaknesses in identity provider security and third-party access management.

As conflict erupts in Ukraine, destructive wiper malware targeting critical infrastructure signals a new chapter in state-sponsored cyber operations.

The OWASP Top 10 gets its first update since 2017, and the changes reflect how fundamentally our attack surface has evolved.

The OMIGOD vulnerabilities in Azure’s silently-installed OMI agent expose a troubling pattern: cloud providers deploying software on your VMs without your knowledge or consent.

WhatsApp’s updated privacy policy drives millions to Signal, highlighting the growing demand for privacy-respecting open-source alternatives.

A joint NSA/CISA advisory details 25 CVEs actively exploited by Chinese state-sponsored actors. The uncomfortable truth: most are well-known and patchable.

Home IoT device sales have surged during lockdowns, and every one of those devices just joined a corporate network via VPN. The security implications are significant.

Apple and Google collaborate on a Bluetooth-based exposure notification system that puts privacy-preserving architecture front and center.

Zoom’s explosive pandemic-driven growth is exposing serious security and privacy issues. The ‘Zoombombing’ phenomenon is just the tip of the iceberg.

The Washington Post reveals the CIA secretly owned Crypto AG for decades, selling compromised encryption to governments worldwide. The supply chain trust implications are staggering.