
Conventional Phishing attacks involved tricking potential victims to enter their respective usernames and passwords on fake websites which resembled the genuine websites. Once the login credentials were captured, they were used to steal business as well as personal data. A new trend that has emerged is to trick users into downloading malware that once downloaded […]
For years, ransomware attacks followed a predictable pattern. Attackers broke into corporate networks, encrypted files, and demanded payment in exchange for a decryption key. Organizations often paid because restoring operations without the key could take weeks.That situation is changing.Organizations have significantly improved their backup strategies, disaster recovery plans, and cyber resilience frameworks. Many companies can […]
Last month, I discovered something that stopped me cold during a routine penetration test. A developer had spun up an Ollama server to experiment with local AI models. Nothing unusual about that, except the server was publicly accessible with no authentication. The models it hosted had been trained on internal company data. This scenario plays […]