API in Focus: Three Types of "Corpses" and One New Hope
Using APIs helps build such architectures, and some teams even practice API-first development. And when there is such development around us, we as security professionals…
Security
Discover the latest news, reviews, and best practices in information security. Stay updated on cybersecurity threats, protection strategies, and innovations in safeguarding data
"What will we do when a breach happens?": Preparing for incidents in advance using video games as an example
Hello, Habr! My name is Askar Musaev, I am a business continuity expert at Infostroy Jet. In this article, I will discuss how to systematically assess a company's readiness…
How We Tamed a Thousand Telegram Chats and Achieved a 98% Client SLA
Telegram has long been our primary communication channel with clients. It's fast, familiar, and doesn't require creating separate portals, filling out logins-passwords,…
Why the plan to "replace AI developers" is turning into technical debt and a staffing crisis
The plan to "replace AI developers" has failed. Here are the numbers
Applying Formal Methods to Hyperledger Fabric Chaincodes: The BaseToken Case
Good day! My name is Kirill Ziborov, and I represent the Distributed Systems Security Department of Positive Technologies. In this article, I will continue to discuss…
Why a commercial SOC is not Netflix: what to know before connecting monitoring
You signed a contract with a commercial SOC and think you can now relax? Not so fast. Many companies buy security monitoring as a service hoping it will solve all their…
Akurative Landing: 5 Backup Mistakes That Could Cost You Your Infrastructure
Imagine: you jump from a plane, pull the ring, and instead of a parachute, a note flies out saying, "404: Not Found." In IT infrastructure, backup is just like that parachute.…
How the method of quantum key distribution on sidebands was born and grew
LLC "SMARTS-Quanttelecom" is engaged in the development and implementation of quantum key distribution systems aimed not at laboratory experiments but at real telecommunications…
Evolution of Malware File Loading or How Hackers Transitioned from File Systems to RAM
Standard obfuscation no longer protects against security systems. Today, the battle for stealth is fought at the level of system calls and real-time library manipulations.…
How personal data leaks from non-prod: four real scenarios
Today Dmitry Larin, head of the database protection product line, and Anastasia Komarova, product marketing manager at Garda, are in touch.
OSINT for the Lazy. Part 3: How to Ask Questions to Get Answers
Have you ever been asked questions like: How to make it all happen? and you were like: What?!
Security Week 2607: Details of the Notepad++ User Attack
Last week's important news was the report of a breach in the Notepad++ text editor updates. According to the developers, the update mechanism was compromised, specifically…
How to Prevent Prompt Injections
Prompt injections are often perceived as a specific vulnerability or security issue. In reality, this is just one of the most illustrative examples of architectural limitations…
From "we have fixed the vulnerability" to "we control the situation": the evolution of cybersecurity communication language
Hello! My name is Polina Morozova, I am a PR expert at SCAN-Interfax, and I deal with external communications. Imagine a situation where your company has faced a cyberattack,…
Prompt Worms Part 2: I Practiced and Found 31 Vulnerabilities in the AI Agent Ecosystem
In the first part, we discussed the theory of Prompt Worms—self-replicating attacks via AI agents. OpenClaw was named the "perfect carrier." In this part, I put it into…
How password encryption came about
the first and several subsequent versions of the mathematical library;
What is "IB strategy" that Business will understand
What is "IB strategy" that Business will understand
