Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week’s briefing covers: New MORE_EGGS campaign continues recruiting themes KTA032 (FIN6) has begun a new campaign using the MORE_EGGS JavaScript backdoor which continues its themes surrounding fake resumes leading to the malware deployment. The actor engaged with organization recruiters which led to emails containing a malicious domain (often containing the fake applicant’s first and last name). The domain contains several defense evasion techniques to avoid automated analysis tools from scanning.

CSRF is a web security vulnerability that tricks users into performing unwanted actions on a website where they are already authenticated like changing account settings or making a purchase without their knowledge. In this video, we explain how CSRF attacks work and how attackers exploit user trust to hijack authenticated sessions.

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

Most vulnerability tools flood teams with static scores and long lists but ExPRT.AI changes the game by predicting what adversaries are most likely to exploit. This demo drill down shows how ExPRT.AI dynamically scores risk across asset types, network exposures, and third-party findings. You’ll see how it re-prioritizes vulnerabilities based on real-world telemetry, attacker behavior, and environmental context including a Tenable example.