Twilio’s breach through a sophisticated phishing attack targeting employees raises hard questions about SMS-based authentication and supply chain trust.
Cloudflare mitigated the largest HTTPS DDoS attack ever recorded at 26 million requests per second. The Mantis botnet represents a new generation of volumetric threats.
A critical RCE vulnerability in Spring Framework has the internet in panic mode, but the actual risk profile is more nuanced than the Log4Shell comparisons suggest.
The Lapsus$ hacking group has breached both Okta and Microsoft, exposing critical weaknesses in identity provider security and third-party access management.
The Linux Foundation’s new Alpha-Omega Project, backed by Google and Microsoft, aims to systematically improve the security of critical open source software.