Author: HackWatchit

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. Ingram Micro is one of the world’s largest business-to-business technology distributors and service providers, offering a range of solutions including hardware, software, cloud services, logistics, and training to resellers and managed service providers worldwide. Since Thursday, Ingram Micro’s website and online ordering systems have been down, with the company not disclosing the cause of the issues. BleepingComputer has now learned that the outages are caused by a cyberattack that occurred early Thursday morning, with…

Here’s a look at the most interesting products from the past week, featuring releases from DigitalOcean, Scamnetic, StealthCores, and Tracer AI.

Scamnetic KnowScam 2.0 helps consumers detect every type of scam

KnowScam 2.0 now comes with major upgrades, including an enhanced three-point scoring system, the new Auto Scan feature for Microsoft Outlook and Android RCS, and a new deepfake detection and ID verification feature in IDeveryone for instant identification.

Tracer AI combats fraud, counterfeits and narrative attacks in ChatGPT

Tracer Protect for ChatGPT monitors ChatGPT results for mentions of Tracer customers’ brands, products, services and executives, and proactively identifies and…

If you’re reading this from a shaded Adirondack chair, lemonade in hand and the distant sizzle of a grill in your ears, congratulations: you’re living the Fourth of July dream. But how much does that dream cost — and how has the price tag changed since the days when a smartphone was just a twinkle in Steve Jobs’ eye? The Weekender is here to take you on a lighthearted (and slightly wallet-anxious) journey through the economics of America’s favorite summer holiday. Let’s start with the centerpiece: the Fourth of July picnic. According to the American Farm Bureau Federation (AFBF), the…

Cybersecurity threats have emerged so quickly that most companies struggle to keep up, and executives are often the first targets. These individuals are known to the public and hold access to sensitive company data with valuable personal and financial information. Keeping them safe from cyber attacks takes more than standard security measures. That is why Digital Executive Protection (DEP) is becoming an important part of how companies handle cybersecurity today. This article explores how Digital Executive Protection works, why it matters, and how platforms are setting the standard in safeguarding organizational leadership from online threats. Why Executives Are High-Value Targets…

We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as shown in the example below. http://www.blackhillsinfosec.com/(S(hd73kdjf780sndyfn23elomzqd5ghwa))/login.html In this case, the session token is of the form (S(LongRandomToken)), where LongRandomToken is a long, randomly generated alpha-numeric string and takes the place of the session cookie. This implementation makes for a messy site map when testing with Burp Suite because the changing tokens make it appear that there are limitless content paths in the application. For example, a site map that has one login page would show up…

Tools like dbt make constructing SQL data pipelines easy and systematic. But even with the added structure and clearly defined data models, pipelines can still become complex, which makes debugging issues and validating changes to data models difficult. The increasing complexity of data transformation logic gives rise to the following issues: Traditional code review processes only look at code changes and exclude the data impact of those changes. Data impact resulting from code changes is hard to trace. In sprawling DAGs with nested dependencies, discovering how and where data impact occurs is extremely time-consuming, or near impossible. GitLab’s dbt DAG…

Overview

CVE-2025-29306 is a critical remote code execution (RCE) vulnerability affecting FoxCMS version 1.2.5. The flaw stems from unsafe handling of the id parameter, which is passed directly into PHP’s unserialize() function without validation. Attackers can supply malicious serialized PHP objects that trigger arbitrary command execution via system().

CVE ID: CVE-2025-29306
Severity: Critical
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 71.52%
Affected Version: FoxCMS ≤ 1.2.5
Patched Version: None released as of writing
Authentication Required: No
Impact: Remote Code Execution

Technical Breakdown

FoxCMS uses unserialize() directly on user-supplied input from the id parameter. When a malicious serialized PHP object is supplied,…

As artificial intelligence continues to evolve from narrow applications to autonomous agents, one foundational question becomes increasingly urgent: how can we trust what we can’t fully understand or control? This is not just a philosophical concern. In real-world systems—from finance to medicine, supply chains to governance—AI is making decisions with real consequences. But without a robust trust layer, these systems become vulnerable to manipulation, error, and opacity. Blockchain is not just a financial tool or decentralized database — it is a necessary trust infrastructure for the AI-powered world. Here’s why. 1. 🔐 Trust Without Intermediaries The problem: When AI agents…
