Risky NPM Package (Agentic AI assistant)

- Posted in Incident Response by
Risky NPM Package (Agentic AI assistant)
Background Because the saga of AI and agentic clients continues, organizations can be put at risk since threat actors may target such solutions. This has prompted an effort to understand what is [...] Read more

Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews

- Posted in Hardenings by
Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews
Background: While reading an article about how threat actors abuse legitimate VS Code functionality to run malicious code on a target machine when a project is opened by the victim, I concluded that [...] Read more

Simple Methods to Spot Disabled Antivirus (Windows Defender) on Windows Systems

- Posted in Incident Response by
Simple Methods to Spot Disabled Antivirus (Windows Defender) on Windows Systems
Background: During incident response, it’s not always the case that advanced, highly sophisticated AV bypass techniques are used. Sometimes, attackers rely on simple, out-of-the-box methods to [...] Read more

Wild Exploits, Missing Logs: Docker Incident Response Without SIEM Visibility

- Posted in Incident Response by
Wild Exploits, Missing Logs: Docker Incident Response Without SIEM Visibility
Background: Sometimes, when dealing with incidents, there can be situations where logs are not available—especially in cases involving containers that were downloaded from Docker Hub. For example, [...] Read more

Linux Suspicious ELF File Static Analysis Techniques and Approaches

- Posted in Threat Analyze by
Linux Suspicious ELF File Static Analysis Techniques and Approaches
Background: Sometimes during daily cases we see suspicious detections on Linux machines which have hashes that do not exist on popular platforms and we do not have licenses for sandboxes. To resolve [...] Read more

Researching CVE-2025-14847 (Mongo memory leak): Defensive Strategies and Detection Techniques

- Posted in Threat Analyze by
Researching CVE-2025-14847 (Mongo memory leak): Defensive Strategies and Detection Techniques
Background: A few days ago, there was a notification about a memory leak issue (CVE) affecting MongoDB. Shortly after, a proof-of-concept (POC) was released on one of the version control channels. As [...] Read more

Agentic AI challenges in IDE: Forensic and extraction of traces PART 3

- Posted in Incident Response by
Agentic AI challenges in IDE: Forensic and extraction of traces PART 3
Background: In our latest research related to forensic traces left by IDEs, let's look into the Cursor AI IDE. Traces: As in our previous research, we saw that some of its components rely on VS Code. [...] Read more

Agentic AI challenges in IDE: Forensic and extraction of traces PART 2

- Posted in Incident Response by
Agentic AI challenges in IDE: Forensic and extraction of traces PART 2
Background: As we continue our research around agentic IDEs which can leave traces, because at some IR stages you need to deal with such things—especially when an engineer's machine was involved in [...] Read more

Agentic AI challenges in IDE: Forensic and extraction of traces PART 1

- Posted in Incident Response by
Agentic AI challenges in IDE: Forensic and extraction of traces PART 1
Background: With the rise of AI companions and agentic features in popular IDEs, these tools can now execute commands with user consent. This presents new challenges for digital forensic specialists, [...] Read more

AI-Powered Polymorphic Phishing Pages: Detection Methods and Defensive Strategies

- Posted in Threat Analyze by
AI-Powered Polymorphic Phishing Pages: Detection Methods and Defensive Strategies
Background: As AI technologies rapidly advance, it is essential for us as cybersecurity specialists to understand how we can defend against emerging threats. One scenario that comes to mind is the [...] Read more
Page 1 of 9