Among exposed were secrets, code and AI training data
We describe the leak and mention its causes and threats, talk about the possible security risks when using Azure SAS tokens and give advice to prevent leaks.
Towards an approach that engages more than SCA and SBOM
Understand what a comprehensive software supply chain security approach should aim at and why it is crucial to implement it during your company's SDLCs.
What is invisible to some hackers is visible to others
Here we present in detail a vulnerability we discovered in PaperCut MF/NG v22.0.10, along with the steps to follow to replicate the exploit.
Toyota's ancient and recently disclosed data leaks
We describe the data leaks recently disclosed by Toyota Motor Corporation lasting five, eight and ten years.
Why so many are switching to Rust
Memory-related security issues are common and often critical. To reduce their presence, ongoing projects are writing in memory-safe languages like Rust.
A roadmap for developing and releasing secure software
CISA and other agencies published a guide encouraging organizations to offer their customers secure-by-design and secure-by-default products.
Injecting JS into one site is harmful, into all, lethal
In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.
Our CLI is an approved AST tool to secure cloud apps
Fluid Attacks' automated tool is recommended by the App Defense Alliance for static scanning under the Cloud Application Security Assessment (CASA) framework.
Nuestro CLI fue aprobado para asegurar apps en la nube
Nuestra herramienta automatizada es recomendada por App Defense Alliance para el escaneo estático bajo el marco Cloud Application Security Assessment (CASA).