The use of AI in academic journals is becoming more prevalent, and it is proving difficult to detect. Some authors are using AI to generate text, figures, images, or data for their papers, but they fail to disclose the use of AI. Journals are taking different approaches to address this issue. For example, the JAMA...Read More

attack is a supply chain attack method that allows hackers to hijack popular abandoned libraries in Java and Android applications, potentially injecting malware into them. This attack exploits the vulnerabilities of these libraries, which are still in use despite being abandoned. The attack targets dependency repositories, such as google() and mavenCentral. Key points about the...Read More

Software Supply Chain Security (SSCS) is the practice of implementing security measures and best practices throughout the entire software development and distribution process to mitigate risks and vulnerabilities. It encompasses various components, activities, and practices involved in the creation and deployment of software, including proprietary and third-party code, development and delivery infrastructure, APIs, and more....Read More

Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. With 2FA, users have to log in with their username and password and provide a second form of authentication, such as a code generated by an application on their mobile device or a text message. This additional step makes...Read More

Three malicious Chrome extensions, posing as VPNs, were force-installed 1.5 million times, causing significant concern for users’ security. These extensions, netPlus (1 million installs), netSave, and netWin (500,000 installs), were found to be browser hijackers, cashback hack tools, and data stealers. The malicious extensions were spread via an installer hidden in pirated copies of popular...Read More

A browser extension is a small software application designed to enhance the functionality of a web browser. Monitoring the installed browser extensions is crucial for ensuring their secure use within your organization. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and...Read More

Receiving an unprompted one-time passcode (OTP) sent as an email or text should be a cause for concern as it likely means your credentials have been compromised. One of the initial components of a cyberattack is the theft of legitimate credentials to corporate networks for data theft, which can be stolen in phishing attacks, credential...Read More

In a recent surge of BazarCall attacks, cybercriminals have adopted a novel approach by utilizing Google Forms to generate and dispatch payment receipts to their unsuspecting victims. This innovative tactic is designed to enhance the perceived legitimacy of the phishing attempt, thereby increasing the likelihood of success. First identified in 2021, BazarCall is a phishing...Read More

A new solution has been introduced to address the essential third-party risk management for Software as a Service (SaaS). This solution aims to help organizations mitigate the risks associated with using SaaS providers, which often must be managed through compensating controls in the customer’s organization. Organizations using SaaS services often have less detailed risk information...Read More

The digital landscape is constantly changing, and it is important to regularly reassess how we protect web environments. While traditional antivirus solutions have their benefits, they are reactive in nature. This means that they are designed to respond to threats after they have already infiltrated a system. As a result, they may not be effective...Read More