Threat intelligence & exposure research
Field notes, incident postmortems, and data from the open and dark web.
Supply chain attacks: why the bill is heading toward $138 billion
Cybersecurity Ventures predicts supply chain attack damages will reach $138 billion by 2031. We look at the real numbers behind software supply chain risk in 2024.
Infostealer malware: the $10 cookie that bypasses your MFA
Infostealer infections are surging. Malware families like RedLine, Raccoon, and Lumma steal session cookies, credentials, and crypto wallets, and the resulting logs are sold on dark-web markets for as little as $10.
Leaky buckets and open databases: cloud misconfiguration by the numbers
Cloud misconfigurations remain one of the top causes of data exposure. From open S3 buckets to unauthenticated MongoDB instances, here's what the 2023-2024 data actually shows.
MOVEit and Clop: how one SQL injection exposed 77 million people
The Clop ransomware gang exploited a zero-day SQL injection in Progress Software's MOVEit Transfer to breach over 2,600 organizations and steal data belonging to 77 million individuals. Here's how the attack unfolded.
Okta's November 2023 breach: when every customer record was exposed
Identity giant Okta disclosed that hackers accessed data on every customer in a November 2023 support-system breach. For an identity provider, the stakes could not be higher.
Verizon DBIR 2024: stolen credentials drove 1 in 3 breaches
The 17th edition of Verizon's Data Breach Investigations Report analyzed 30,458 security incidents and 10,626 confirmed breaches across 94 countries. The credential story is the one that should keep you up at night.
12.8 million secrets leaked on GitHub in 2023 — what the data tells us
GitGuardian's State of Secrets Sprawl 2024 report found 12.8M new secrets in public GitHub commits, up 28% year over year. Here's what those numbers mean for your exposure surface.
Five years, one GitHub key: the Toyota T-Connect leak in detail
A Toyota subcontractor accidentally published T-Connect source code containing a database access key to a public GitHub repo. It stayed exposed for almost five years and put 296,019 customers at risk.