If you’ve heard it once, you’ve probably heard it a million times: “today’s enterprise environments are becoming more and more complex.” I know it’s something I’ve been known to say a time or two (or a million). Here’s the thing: it’s true. There are several factors at play, but two of the biggest are the increasingly fine-grained composition and distribution of applications … [Read more...] about From Hyrbid Mesh Firewalls to Universal ZTNA
Updating the Visual Studio Code extension for Swift
Today, we are excited to announce a new version of the Swift extension for Visual Studio Code – now published to the extension marketplace as an official supported release of the Swift team. The aim of this extension is to provide a high-quality, feature-complete extension that makes developing Swift applications on all platforms a seamless experience. As we continue to … [Read more...] about Updating the Visual Studio Code extension for Swift
Latest Product Updates and Features in Logz.io
We’re excited to announce a series of upgrades to our AI Agent, Log Management Explore UI and core integrations designed to empower you with even deeper observability and streamlined operations. These updates enhance account visibility, multi-telemetry trace insights, and logging capabilities while ensuring seamless compatibility with OpenTelemetry. Read on to discover how … [Read more...] about Latest Product Updates and Features in Logz.io
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
Feb 10, 2025Ravie LakshmananMalware / Payment Security Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, … [Read more...] about Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
How to detect malicious browser extensions using Elastic
When your CISO asks if a specific browser extension has ever been installed on any of your workstations, how quickly can you get the correct answer? Malicious browser extensions are a significant threat that many organizations have no way of managing or detecting. This blog post explores how the Elastic Infosec team uses osquery and the Elastic Stack to create a real-time … [Read more...] about How to detect malicious browser extensions using Elastic
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Feb 08, 2025Ravie LakshmananArtificial Intelligence / Supply Chain Security Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of … [Read more...] about Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
Feb 07, 2025Ravie LakshmananMobile Security / Artificial Intelligence A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that … [Read more...] about DeepSeek App Transmits Sensitive User and Device Data Without Encryption
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
Feb 07, 2025The Hacker NewsVulnerability / Malware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that … [Read more...] about CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
How To Optimize Your Observability Spend in 2025
According to the 2024 Logz.io Observability Pulse Survey, 91% of respondents said they’re actively looking for ways to reduce observability costs, and 50% want better visibility into their monitoring expenses. Observability Costs Are Out of Control – Here’s How to Fix It In today’s cloud-native world, keeping logs, metrics, and traces under control isn’t just about … [Read more...] about How To Optimize Your Observability Spend in 2025
Lessons from an Istio Configuration Finding
As a part of our ongoing work to secure cloud computing infrastructure, we delved into the inner workings of some popular Kubernetes add-ons. Our first subject of research was Istio, a popular service mesh add-on. Istio is an open-source service mesh for Kubernetes that manages communication between microservices. It provides traffic management, security, and … [Read more...] about Lessons from an Istio Configuration Finding