Risk Discovery

Impart Security

Custom Client Identifiers: Smarter Client Tracking for Security Teams | Impart Security

Introducing Rule Builder: Powerful Protection Without Coding | Impart Security

New Integration: Impart + Claude | Impart Security

🚀 Agentic Runtime Protection Rules Makes Us the First Truly Self-Writing Security System | Impart Security

Design, implement, and deploy application protection policies with Cursor Agent | Impart Security

Permiso

Permiso Security Wins 'most promising early-stage Startup' at 2025 SC Awards

Introducing the Permiso Platform: Threat-Informed Risk Exposure with Best In Class Threat Detection for Human and Non-Human Identities

Rippling Lawsuit Shows How Search Terms Portray Intent of Threat Actors

Understanding Elevate Access mechanism, its implementation, and logs where activities are recorded

RansomWhen - An open-source tool to help defenders counter KMS-based ransomware

Unused Cloud Regions: How Threat Actors Abuse Unsupported Cloud Regions

Compromising Non-Human Identities Stored In Serverless Environment Variables

Permiso Releases Suite of Open-Source Tools to Bolster Detection Capabilities for Past,Present and Future Attacks

CAPICHE - Simplify cloud API detection rules and hunting from groupings of APIs

BucketShield is a monitoring and alerting system built for AWS S3 buckets and CloudTrail logs

Trend Micro Research, News, Perspectives

Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain

Trend Secures AI Infrastructure with NVIDIA

Using Agentic AI & Digital Twin for Cyber Resilience

Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan

Trend Micro Puts a Spotlight on AI at Pwn2Own Berlin

Maritime Cybersecurity: Threats & Regulations Loom

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

Exploring PLeak: An Algorithmic Method for System Prompt Leakage

Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan

NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk

Digtial Shadows

Security Operations - Sophos

A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist

Lumma Stealer, coming and going

NICKEL TAPESTRY expands fraudulent worker operations

Moving CVEs past one-nation control

Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

The Sophos Annual Threat Report: Cybercrime on Main Street 2025

It takes two: The 2025 Sophos Active Adversary Report

Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream

Stealing user credentials with evilginx

Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”

Sumo Logic

Qualys Security Labs

Building Confidence in Cyber Essentials Compliance with Qualys Policy Audit

Simplifying DORA Compliance with the Qualys Enterprise TruRisk Platform

Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT

Microsoft and Adobe Patch Tuesday, May 2025 Security Update Review

Security, Uninterrupted: Inside Qualys’ Zero-Touch Security Vision with Qualys Cloud Agent

Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations

Powering the Future of Cyber Risk Management: Welcoming Our First mROC Alliance Members

Bridging the Gap: How Qualys Simplifies NCA ECC 2024 Compliance for Businesses

Remediate Risk Without the Roadblocks: Automate with Qualys Flow

Guard Against GenAI and LLM Risks from Development to Deployment with Qualys TotalAI

SecurityTrails

Leveraging the Power of Newly Observed Domains in Cybersecurity

A Practical Guide to Investigating IoT Devices with the SecurityTrails API

Enhancing Threat Modeling: Leveraging Security APIs for Proactive Defense

How to Use Machine Learning and the SecurityTrails API to Improve Your Security Research

How to Use the SecurityTrails Associated Domains and Associated IPs Endpoints to Find New Bug Bounty Targets

The ROI of Security APIs: Investing in Protection and Peace of Mind

Security APIs for Blue Teamers: Advancing Detection Engineering

Unleashing the Power of APIs: Revolutionizing Threat Hunting in the Digital Landscape

From IT Support to Bug Bounty Hunting: A Journey into Cybersecurity with CJ Fairhead

How to Track the Movement of Malicious Actors Using Historical WHOIS Data

Sekoia.io

ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse.

Detecting Multi-Stage Infection Chains Madness

Interlock ransomware evolving under the radar

The evolution of the AI SOC: From Hype to Hyper

From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic

ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery

Detection engineering at scale: one step closer (part three)

PolarEdge: Unveiling an uncovered ORB network

Cyber threats impacting the financial sector in 2024 – focus on the main actors

Sekoia.io achieves ISO 27001 compliance

Talos

Ghosted by a cybercriminal

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Duping Cloud Functions: An emerging serverless attack vector

Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities

Defining a new methodology for modeling and tracking compartmentalized threats

Redefining IABs: Impacts of compartmentalization on threat tracking and modeling

The IT help desk kindly requests you read this newsletter

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

Proactive threat hunting with Talos IR

CloudFlare

Resolving a request smuggling vulnerability in Pingora

Bringing connections into view: real-time BGP route visibility on Cloudflare Radar

Performance measurements… and the people who love them

Your IPs, your rules: enabling more efficient address space usage

Vulnerability transparency: strengthening security through responsible disclosure

Forget IPs: using cryptography to verify bot and agent traffic

First-party tags in seconds: Cloudflare integrates Google tag gateway for advertisers

QUIC restarts, slow problems: udpgrm to the rescue

Scaling with safety: Cloudflare's approach to global service health metrics and software releases

Thirteen new MCP servers from Cloudflare you can use today

Tenable Network Security

How Identity Plays a Part in 5 Stages of a Cyber Attack

Cloud Data Protection: How DSPM Helps You Discover, Classify and Secure All Your Data Assets

How Exposure Management Can Efficiently and Effectively Improve Cyber Resilience for State and Local Governments

We’re Answering Your Exposure Management Questions

Cybersecurity Snapshot: Reports Highlight Promise and Peril of Open Source AI and of Emerging Cryptography Methods

A Unified Approach to Exposure Management: Introducing Tenable One Connectors and Customized Risk Dashboards

CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild

CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution

Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)

Detecting Remote Monitoring and Management Tools Used by Attackers

AquaSec

Mainframes Are the New AI Infrastructure. Protect it with Secure AI

Shadow Roles: AWS Defaults Can Open the Door to Service Takeover

What’s Really Happening in Your Containers? Aqua’s Risk Assessment Has the Answer

Aqua Security Achieves FedRAMP® High Authorization

Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks

Cut Through Alert Noise and Fix Toxic Combinations First

IngressNightmare Vulnerabilities: All You Need to Know

How the Google-Wiz acquisition redefines cloud security

Supply Chain Security Risk: GitHub Action tj-actions/changed-files Compromised

Stopping Sobolan Malware with Aqua Runtime Protection

Kolide

How Commonlit Balances Student Security and Employee Privacy

Watershed Thinks Big to Keep a Small Team Secure

How Clio Practices Security With a Culture of Trust

For Databricks, Zero Trust Means Putting End Users First

Cloud Security Partners

WordPress Security Cheatsheet

This Month in Security: April 2025

Red Team Reloaded: Hacking AI Applications

Breaking Into AppSec: Hack Your Way Into Cybersecurity!

Happy AppSec New Year - 2024 Recap

Analyzing access to S3 buckets

Software Bill of Materials: Understanding What You’re Actually Running

Preventing Overreliance: Proper Ways to Use LLMs

Ignore Previous Instruction: The Persistent Challenge of Prompt Injection in Language Models

Introduction to LLM Security

© 2024 RiskDiscovery | Sponsored by: Deception Logic