Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
20 Aug 2025
How outer space became the next big attack surface
VisionSpace Technologies' Andrzej Olchawa and Milenko Starcik discussed a set of vulnerabilities capable of ending space missions at the Black Hat USA 2025 News Desk. Continue Reading
-
News
20 Aug 2025
AI agents access everything, fall to zero-click exploit
Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" -- and what that means for cyber-risk. Continue Reading
-
Answer
02 Dec 2013
Heap spray attacks: Details and mitigations for new techniques
Expert Nick Lewis details a new heap spray attack technique and provides mitigations for both new and old heap spray attacks. Continue Reading
-
Tip
11 Nov 2013
Inside the BREACH attack: How to avoid HTTPS traffic exploits
Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk. Continue Reading
-
Answer
10 Sep 2013
Can an unqualified domain name cause man-in-the-middle attacks?
An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result. Continue Reading
-
Quiz
07 Mar 2013
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Continue Reading
-
Feature
26 Feb 2013
Antivirus evasion techniques show ease in avoiding antivirus detection
In the wake of the New York Times attack, a look at antivirus evasion techniques shows how easy it is to avoid antivirus detection and why new defenses are needed. Continue Reading
By Joe Granneman, Contributor
-
Answer
25 Aug 2011
Locate IP address location: How to confirm the origin of a cyberattack
What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in. Continue Reading
-
Answer
25 May 2010
Tips on how to remove malware manually
In this expert response, Nick Lewis explains how to remove malware manually, step by step. Continue Reading
-
Tip
06 Apr 2010
Operation Aurora: Tips for thwarting zero-day attacks, unknown malware
In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack, and how companies can avoid falling victim to similar attacks. Continue Reading
-
Tip
02 Jul 2009
How to defend against rogue DHCP server malware
Rogue DHCP server malware is a new twist on an old concept. The good news is that effective threat mitigation strategies exist; the bad news is that many organizations haven't bothered to deploy them. Continue Reading
By Sherri Davidoff, LMG Security
-
Answer
26 Jan 2009
What are the security risks of opening port 110 and port 25?
If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 and port 25? Mike Chapple reveals a few security repercussions. Continue Reading
By Mike Chapple, University of Notre Dame
-
Answer
21 Oct 2008
Is it impossible to successfully remove a rootkit?
In this expert Q&A, Michael Cobb takes a closer look at the nature of rootkits to see why they can be so difficult to remove. Continue Reading
-
Tip
05 Mar 2008
Built-in Windows commands to determine if a system has been hacked
In this tip, contributor Ed Skoudis identifies five of the most useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked. Continue Reading
By Ed Skoudis, SANS Technology Institute
-
Tip
17 Jan 2008
Cleansing an infected mail server
Learn five measures you can take when cleaning up a massive email virus infection. Continue Reading
-
Tip
17 Jan 2008
Ten hacker tricks to exploit SQL Server systems
SQL Server hackers have a medley of tricks and tools to gain access to your database systems. Learn their techniques and test SQL Server security before they do. Continue Reading
By Kevin Beaver, Principle Logic, LLC
-
Answer
30 May 2007
How secure are document scanners and other 'scan to email' appliances?
Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices. Continue Reading
-
Answer
02 May 2007
How can header information track down an email spoofer?
Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from. Continue Reading
-
Answer
09 Apr 2007
How can attackers exploit RSS software flaws?
RSS syndication feeds are a convenient way to get your news, blogs or other favorite content, but these popular tools are often left exposed. In this SearchSecurity.com Q&A, Ed Skoudis explains how malicious hackers can attack RSS software and distribute malicious code. Continue Reading
By Ed Skoudis, SANS Technology Institute
-
Feature
26 Jan 2007
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage" published by Realtimepublishers. Continue Reading
-
Feature
26 Jan 2007
Network-based attacks
The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers. Continue Reading
-
Feature
12 May 2005
E-mail policies -- A defense against phishing attacks
In this excerpt of Chapter 6 from "Phishing: Cutting the Identity Theft Line," authors Rachael Lininger and Russell Dean Vines explain how e-mail policies help protect companies from phishing attacks. Continue Reading