"You use AI to create bad things? We're using AI to protect from those bad things that AI creates." Threat actors are using LLMs to create more dangerous malware. Defenders have to fight fire with fire. It's an eternal game of cat and mouse. The question is: 𝗮𝗿𝗲 𝘆𝗼𝘂 𝗸𝗲𝗲𝗽𝗶𝗻𝗴 𝘂𝗽? Full Q&A with Salvador Aguilar @ Monarx linked in the comments 💬
Patchstack
Computer and Network Security
Parnu, Province / State 6,667 followers
Patchstack helps web developers to easily secure web apps from third-party component vulnerabilities.
About us
Patchstack is the leader in open source software vulnerability intelligence, covering the entire lifecycle from detection to mitigation.
- Website
-
https://patchstack.com
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- Parnu, Province / State
- Type
- Privately Held
- Founded
- 2021
- Specialties
- Website Security, Website Monitoring, Web Application Security, Web Application Monitoring, Cyber Security, Cyber Security Platform, Web Security Platform, and Website Security Platform
Locations
-
Primary
Akadeemia 1, Forwardspace
1
Parnu, Province / State 80011, EE
Updates
-
Just a few months, and already 53k threats blocked! 💪 See how xCloud does it with its Patchstack-powered Site Security PRO add-on. https://lnkd.in/gAi7HfJ8
-
Our very own Mart Virkus joined a panel of speakers for the MSP GLOBAL podcast: 𝗡𝗼-𝗕𝗦 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗳𝗼𝗿 𝗠𝗦𝗣𝘀
Mart was joined by:
• Jesse Tuttle, also known as "Hackah Jack", ethical threat actor at AP2T Labs and formerly on the FBI's Most Wanted List
• Brook Lee, Senior Director of Community at Rev.io
• Marcus Gregory, Head of Distribution Partnerships-Spain for Blackwall
Together, they discussed cybersecurity and compliance challenges managed service providers (MSPs) face, from the service provider, cybersecurity supplier, and attacker perspectives.
Check out the full conversation (linked in the comments 💬)
-
"It opens the door. It's like just leaving the door open for anything else, and all the rats come in." Uploaders are now the #1 attack vector in WordPress malware. Compromised accounts → fake plugins → your entire site is compromised. One open door that can lead to endless damage. Full Q&A with Salvador Aguilar @ Monarx linked in the comments 💬
-
"The fact that your landing page is working well doesn't mean the site's not infected. It's like when a person has cancer. You'll see them normally, but you don't know they're sick." It's not always obvious when your website is infected, so you can't just rely on checking your site's frontend. Full Q&A with Salvador Aguilar at Monarx linked in the comments 💬
-
Welcoming HostArmada to the proactive security gang! 😎 In the words of Simeon Mitev: "We can now block threats earlier and deliver a stronger, more complete security experience to our customers." Learn more about their journey with Patchstack: 👇 https://lnkd.in/dmvJhr7h
-
“What were the hardest vulnerabilities and exploits to protect against?”
You might expect it to be the most dangerous one. It’s not. One of the hardest to defend against is cross-site request forgery (CSRF), and the reason has nothing to do with complexity. It’s the tradeoff.
CSRF attacks often look like normal user behavior:
– clicking a link
– being redirected
– triggering an action on a site
From a system’s perspective, that can be indistinguishable from legitimate use. So if you try to block it aggressively, you run into a problem: You trigger a bunch of false positives & start breaking real functionality.
That’s why even strong security setups can't always fully block CSRF. The cost of getting it wrong is too high.
Watch the full conversation or get the details from our study (𝗹𝗶𝗻𝗸 𝗶𝗻 𝗰𝗼𝗺𝗺𝗲𝗻𝘁𝘀 💬)
-
“Just add more firewall rules.”
For generic attacks? Sure, patterns exist. For vulnerabilities in the application layer? Every line of code introduces its own logic, its own edge cases, and therefore (if vulnerable), its own exploit paths.
This means:
1) You can't simply deploy a network-level WAF with generic rules and call it a day.
2) There is no shortcut to protection with some extra firewall rules (even if "some" = some unfathomable number).
Watch the full breakdown … (𝗹𝗶𝗻𝗸 𝗶𝗻 𝘁𝗵𝗲 𝗰𝗼𝗺𝗺𝗲𝗻𝘁𝘀 💬)
-
We tested a wide variety of hosting providers. Big names, smaller players, and hosts with very different approaches to security. But even with that mix, one pattern stood out.
The hosts investing the most in 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗺𝗮𝗿𝗸𝗲𝘁𝗶𝗻𝗴…often didn’t perform any better.
In one case, a provider led with bold claims around “secure WordPress hosting.” Huge headline at the top of the page, but once you scrolled, the details told a different story:
– how their servers are secured
– how the infrastructure is hardened
– how the environment is isolated
All of which are valid and useful, but none of that actually secures your application layer.
Watch the full breakdown … (𝗹𝗶𝗻𝗸 𝗶𝗻 𝘁𝗵𝗲 𝗰𝗼𝗺𝗺𝗲𝗻𝘁𝘀 💬)
-
We got down to a *lot* this year at CloudFest 👀 Here's a recap:
⚡ 62 people tattooed at our booth!
📢 5+ talks given by Oliver Sild (in one day!)
🎤 2 Patchstack MCs running stages (Lana Rafaela & Siobhan McKeown)
🥷 95 hackers joined our onsite CTF
🚩 Hundreds* more attended the Hackerspace event (*=still counting!)
💰 1750 EUR paid out in CTF rewards!
☹️ 3 total room keys lost by our team (RIP)