Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recently, our team came across an alert involving mshta.exe, a native Windows tool that attackers commonly exploit for malicious purposes. MSHTA (Microsoft HTML Application Host) is a well-known LOLBin (Living-Off-The-Land Binary). This means it is a legitimate system tool that can be abused and can blend in with normal activity. MSHTA can execute remote HTML applications or JavaScript content directly from a URL.

External attack surfaces have never been more sprawling, or more vulnerable. As organizations increasingly rely on dynamic, cloud-based infrastructures, and third-party services, digital footprints are only going to carry on growing. So, it’s no surprise many are turning towards External Attack Surface Management (EASM) tools for more visibility into both known and unknown assets. But what should you be looking for in a solution?

When developing a web application, dev teams can choose from two fundamental design patterns: Single-Page Applications (SPAs) or traditional Multi-Page Applications (MPAs). Deciding which one to use can depend on multiple factors, but more and more companies are developing SPAs since they can provide a smoother user experience (UX), which, in turn, might just result in better user adoption.

Modern cloud ecosystems often place a single identity provider in charge of handling logins and tokens for a wide range of customers. This approach certainly streamlines single sign-on (SSO) for end users, but it also places enormous trust in a single set of signing keys. If those private keys are compromised, attackers can create tokens that appear valid to any service that relies on them.

By integrating Cisco’s Firepower Threat Defense (FTD) with Splunk’s analytics platform, your security team immediately gains comprehensive, organization-wide visibility into network threats far beyond what any single firewall can detect alone. Yet, despite the critical need to bridge network and security data, many organizations still deploy perimeter defenses like Cisco's FTD but struggle to convert its rich telemetry into actionable insights useful to a SOC.

Modern application environments are increasingly complex, combining containers, microservices, CI/CD pipelines, and ephemeral compute. While Static Application Security Testing (SAST) and Software Composition Analysis (SCA) can uncover vulnerabilities during build time, they often leave a critical gap: runtime security flaw detection and determining whether a detected flaw is actually exploitable and running in production.

AI security is one of the most pressing challenges facing the world today. Artificial intelligence is extraordinarily powerful, and, especially considering the advent of Agentic AI, growing more so by the day. But it is for this reason that securing it is so important. AI handles massive amounts of data and plays an increasingly important role in operations; should cybercriminals abuse it, the consequences can be dire.

Marbled Dust exploits a zero-day vulnerability in Output Messenger, a sophisticated phishing campaign uses Horabot malware, and TA406 shifts its targeting behavior.

The summer travel season is almost here, and travelers worldwide are in the process of booking their holidays, thus placing some of their most vital personal and financial information into the hands of the hospitality industry. A fact not lost to threat actors who thrive on gaining access and stealing this data.

The boy who cried wolf goes back to a fable where a shepherd boy mocked the other villagers by telling them that a wolf was attacking the flock. The villagers believed him at first, but he was just laughing with them. When the shepherd boy repeated his joke, villagers started to ignore him and at some point a real wolf comes and attacks the sheep. The boy ‘cried wolf’ but nobody believed him anymore.