Cisco’s 2025 EMEA Cybersecurity Defender of the Year award goes to the team at SAP Enterprise Cloud Services, who raised the bar for overall security posture.
In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records. A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was put up for sale. The data contained 11M unique email addresses alongside usernames, IP addresses, the user’s city, gender, date of birth and original salted SHA-1 password hash.
Connected devices make up one of the largest attack surfaces on the modern Internet. Billions of devices, many with little to no consideration given to their secure operation, control everything from sewage treatment systems to safety-critical vehicle functions. As a result, security research on the low-level firmware that controls these devices has become more important than ever. But how is a researcher to get access to closed-source firmware for proprietary hardware to begin with? One method that we have been using for some ongoing research is intercepting firmware from updater apps that use Bluetooth to perform over-the-air updates.
We recently released Security Onion 2.4.120: https://blog.securityonion.net/2025/02/security-onion-24120-now-available.html In that blog post, we mentioned that Security Onion 2.4.120 includes a new […]
A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to […]
In February 2025, the “doxing” website Doxbin was compromised by a group calling themselves “TOoDA” and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames. The data was provided to HIBP by a source who requested it be attributed to “emo.rip”.
In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.
February’s report on Microsoft patches includes 56 vulnerabilities, two of which are zero-day flaws that have been exploited.
Security Onion 2.4.120 is now available including lots of new features and updates! 2.4.120 Sneak Peek Video We recently added a […]
How Injection Attacks Exploit Web Application Vulnerabilities
Injection attacks occur when malicious input is inserted into a web application, exploiting vulnerabilities in unvalidated user input to execute unintended commands. Attackers craft payloads that manipulate how the application processes data, often leading to unauthorized access, data…
The post Understanding Injection Attacks in Application Security: Types, Tools, and Examples appeared first on Acunetix.