Our research examines vulnerabilities that affect Large Language Model (LLM) powered agents with code execution, document upload, and internet access capabilities. This is the second part of a series diving into the critical vulnerabilities in AI agents.
This introductory post kicks off a blog series on AI agent vulnerabilities, outlining key security risks like prompt injection and code execution, and sets the stage for future parts, which will dive deeper into issues such as code execution flaws, data exfiltration, and database access threats.
We dive into one of the most sophisticated and impactful ecosystems within the global cybercrime landscape. Our research looks at tools and techniques, specialized forums, popular services, plus a deeply ingrained culture of secrecy and collaboration.
Stolen certificates and private keys could be weaponized by cybercriminals to penetrate a company’s system. Our research investigates how these scenarios would play out, how they affect the organizations, and how to prevent such attacks.
Social engineering is a tactic that, at its core, creates a false narrative to exploit a victim’s credulity, greed, curiosity, or any other very human characteristics. Attackers continue to enhance existing social engineering and use new technologies.
Hacktivist groups are driven by a political or ideological agenda. In the past, their actions were likened to symbolic, digital graffiti. Nowadays, hacktivist groups resemble urban gangs. Previously composed of low-skilled individuals, these groups have evolved into medium- to high-skill teams, often smaller in size but far more capable.
What does the present state of the Spanish-speaking cybercriminal underground look like? What are the most common scams and other illicit offerings peddled by cybercriminals? Unearth the secrets of the Spanish dark market in our research.
The English-speaking cybercriminal underground market has undergone significant transformations. We examine how it has adapted to new technology, increased law enforcement scrutiny, and linguistic diversification.
Threat actors are actively looking for exposed .env files. These files have become ticking bombs deeply rooted inside DevOps practices. Our research paper uncovers the hidden dangers in DevOps using real-world examples.
Digital Assistants (DA) are AI-driven software, sometimes embedded into dedicated hardware and integrated with multiple systems, that understand natural language and use them to perform various tasks.