WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Ravie LakshmananMar 26, 2026Malware / Web Security Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels...
Blog
Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities
Attribution analysis Based on technical artifacts, infrastructure overlaps, and victimology, TrendAI™ Research attributes this campaign to Pawn Storm with high confidence. This...
Enhancing User Experience with Passwordless Authentication: A Design-First Approach
Passwords were meant to protect users. Instead, they’ve become one of the biggest sources of friction in digital products....
Virtual machines, virtually everywhere – and with real security gaps
Twenty years ago, almost to the day, Amazon Web Services (AWS) launched Simple Storage Service (S3). A few months later, the company’s...
Entropy-Rich Synthetic Data Generation for PQC Key Material
Understanding the core of the sso server Ever wonder why you don't gotta type your password fifty times a...
What the UK Cyber Security & Resilience Bill Means for Security Practitioners
The UK Cyber Security & Resilience Bill is progressing through Parliament Royal Assent expected later in 2026. The UK’s...
What the UK Cyber Security & Resilience Bill Means for Security Practitioners
The UK Cyber Security & Resilience Bill is progressing through Parliament Royal Assent expected later in 2026.The UK's Cyber Security...
Russian national convicted for running botnet used in attacks on U.S. firms
Russian national convicted for running botnet used in attacks on U.S. firms Pierluigi Paganini March 25, 2026 A Russian hacker...
Is your AI security scalable?
What Does Scalable AI Security Mean for Non-Human Identities? When organizations increasingly transition to the cloud, the question that...
RSAC 2026 Proved the Industry Agrees on the Problem — Now Comes the Hard Part
I spent RSAC 2026 doing what I do every year: walking the floor, talking to vendors, and — more importantly...
When Your Scanner Becomes the Weapon: From Trivy to LiteLLM
On March 24, 2026, two malicious versions of LiteLLM – the popular AI/LLM proxy gateway present in roughly 36%...
Patch now: TP-Link Archer NX routers vulnerable to firmware takeover
Patch now: TP-Link Archer NX routers vulnerable to firmware takeover Pierluigi Paganini March 25, 2026 TP-Link patched a high severity...
How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack
The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and...
Before the Lights Go Out
How the ColorTokens Xshield platform and its integrated ecosystem stand between North America’s power grid and digital adversaries. Note:...
Vicarius Launches vIntelligence, a Second Flagship Product for Continuous Agentic Validation
Vicarius has announced vIntelligence, a second flagship product that adds continuous agentic validation to the company’s security portfolio. The...