Attacker publishes .bash_history: watch without registration and SMS
Supply Chain Security team of the expert security center sent a report to the npm registry administration about a fun little campaign against Apple, among them:
Supply Chain Security team of the expert security center sent a report to the npm registry administration about a fun little campaign against Apple, among them:
Hi tekkix! This is Stanislav Gribanov, I am the NDR product lead at Garda, author of the blog "Cybersecurity and Product Expertise for Businesses".
Backups used to be the last line of defense. Now they are the first attack target: modern ransomware operators access backup storage before touching working data, because…
Gathering information about a person or product using advanced technology has become a trivial technical task, both literally and figuratively. However, such data scraping…
Hello tekkix! My name is Denis Ulyanov, I have been in IT for 12 years, and for the past year and a half I lead the Antibot team at Wildberries.
Building a corporate messenger in-house: exploring potential pitfalls with data and real experience, without drama. It's not always a bad idea; sometimes it's the right…
We've gathered the most interesting CVEs of April in our traditional roundup. Critical vulnerabilities under RCE were noted last month by Microsoft Azure and Bing, as…
In penetration testing, people often try to enter through a list of tools: learn Burp, run Nmap, complete a couple of labs, and wait for the first real task. In 2026,…
I’ll make it clear right away: this is not a walkthrough. There won’t be a step-by-step breakdown of the exam, spoilers about machines, or any secret techniques. I don’t…
Many APIs still expose incremental IDs in URLs - one curl in a loop, and the attacker has the entire table. This is exactly what APCOA fell victim to in April 2025. I…
Researchers from Kaspersky Lab examined the tactics of malware distribution through the official App Store for Apple devices.
In recent years, hybrid infrastructure has become the de facto standard. Companies are moving critical services to Azure, AWS, Google Cloud, or Yandex.Cloud while leaving…
Are your logs filled with login attempts on .env, .git, and wp-login.php? While the bot is knocking on Nginx, your server is already wasting precious resources. I decided…
On April 8, 2026, WireSock Secure Connect 3.4.4 - the first official release of the 3.x branch - was released.
The history of biometric dermatoglyphics on the human fingertip has been studied in detail and published hundreds, if not thousands, of times in both brief and detailed…
What is junk? Junk is what you keep for years and throw away just before you need it.
Here is the PT Cyber Analytics team. In this article, we will talk about the work of analysts in cybersecurity projects, show what makes this profession attractive, and…
The client carefully selected the system but forgot to prepare the infrastructure in the organization. We will analyze the mistake, the consequences, and how to avoid…