All Categories
-
-
emerging threats and vulnerabilities
July 10, 2025
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems
-
emerging threats and vulnerabilities
May 21, 2025
The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions
-
research
May 13, 2025
Tales from the cloud trenches: The Attacker doth persist too much, methinks
-
emerging threats and vulnerabilities
May 7, 2025
RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale
-
emerging threats and vulnerabilities
April 17, 2025
Datadog threat roundup: Top insights for Q1 2025
-
emerging threats and vulnerabilities
March 28, 2025
Understanding CVE-2025-29927: The Next.js Middleware Authorization Bypass Vulnerability
-
emerging threats and vulnerabilities
March 25, 2025
The 'IngressNightmare' vulnerabilities in the Kubernetes Ingress NGINX Controller: Overview, detection, and remediation
-
research
March 25, 2025
Creating immutable users through a bug in Entra ID restricted administrative units
-
-
-
emerging threats and vulnerabilities
January 24, 2025
Datadog threat roundup: top insights for Q4 2024
-
research
December 17, 2024
From Detection to Enforcement: Migrating from IMDSv1 to IMDSv2
-
research
December 16, 2024
Escalating privileges to read secrets with Azure Key Vault access policies
-
emerging threats and vulnerabilities
December 13, 2024
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials
-
-
open source software
December 6, 2024
Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages
-
emerging threats and vulnerabilities
November 22, 2024
MUT-8694: An NPM and PyPI Malicious Campaign Targeting Windows Users
-
research
October 29, 2024
Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends
-
emerging threats and vulnerabilities
October 24, 2024
Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview
-
-
emerging threats and vulnerabilities
September 27, 2024
Remote execution exploit chain in CUPS: Overview, detection, and remediation
-
research
September 23, 2024
Threat Actors leverage Docker Swarm and Kubernetes to mine cryptocurrency at scale
-
-
research
September 16, 2024
Hidden in Plain Sight: Abusing Entra ID Administrative Units for Sticky Persistence
-
writing
September 9, 2024
A SaaS provider's guide to securely integrating with customers' AWS accounts
-
writing
September 5, 2024
Kubernetes security fundamentals: Admission Control
-
emerging threats and vulnerabilities
August 20, 2024
The gift that keeps on giving: A new opportunistic Log4j campaign
-
-
open source software
August 9, 2024
Shorten your detection engineering feedback loops with Grimoire
-
open source software
August 8, 2024
Introducing GuardDog 2.0: YARA scanning, user-supplied rules, and Golang support
-
-
emerging threats and vulnerabilities
July 31, 2024
Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access
-
-
emerging threats and vulnerabilities
July 1, 2024
RegreSSHion vulnerability CVE-2024-6387: Overview, detection, and remediation
-
research
June 28, 2024
Who polices your policies? Azure policy abuse for privileges escalation and persistence
-
-
research
June 19, 2024
Tales from the cloud trenches: Raiding for AWS vaults, buckets and secrets
-
emerging threats and vulnerabilities
June 13, 2024
Attackers deploying new tactics in campaign targeting exposed Docker APIs
-
emerging threats and vulnerabilities
June 7, 2024
A guide to threat hunting and monitoring in Snowflake
-
research
May 28, 2024
Non-Production Endpoints as an Attack Surface in AWS
-
emerging threats and vulnerabilities
May 23, 2024
Malicious PyPI packages targeting highly specific MacOS machines
-
research
April 15, 2024
Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover
-
emerging threats and vulnerabilities
April 3, 2024
The XZ Utils backdoor (CVE-2024-3094): Everything you need to know, and more
-
research
March 22, 2024
A threat-informed roadmap for securing Kubernetes clusters (KubeCon EU 2024)
-
research
March 15, 2024
Tales from the cloud trenches: Using AWS CloudTrail to identify malicious activity and spot phishing campaigns
-
writing
February 12, 2024
Kubernetes security fundamentals: Authentication
-
-
research
January 19, 2024
Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining
-
research
January 10, 2024
From IRC to Instant Messaging: The Rise of Malware Communication via Chat Platforms
-
-
writing
December 19, 2023
Deep dive into the new Amazon EKS Cluster Access Management features
-
writing
December 7, 2023
Kubernetes security fundamentals: API Security
-
writing
November 28, 2023
Deep dive into the new Amazon EKS Pod Identity feature
-
writing
October 27, 2023
The Kubernetes CVE-2023-3676 Windows command injection vulnerability - exploitation and prevalence
-
emerging threats and vulnerabilities
October 13, 2023
The Confluence CVE-2023-22515 vulnerability: Overview, detection, and remediation
-
research
October 11, 2023
Following attackers’ (Cloud)trail in AWS: Methodology and findings in the wild
-
-
open source software
October 2, 2023
KubeHound: Identifying attack paths in Kubernetes clusters
-
-
-
-
writing
August 4, 2023
Container security fundamentals part 5: AppArmor and SELinux
-
research
July 27, 2023
No keys attached: Exploring GitHub-to-AWS keyless authentication flaws
-
writing
June 1, 2023
Misconfiguration Spotlight: Securing the EC2 Instance Metadata Service
-
-
writing
May 16, 2023
Attacking and securing cloud identities in managed Kubernetes part 1: Amazon EKS
-
emerging threats and vulnerabilities
May 10, 2023
The OverlayFS vulnerability CVE-2023-0386: Overview, detection, and remediation
-
open source software
May 2, 2023
Introducing HASH: The HTTP Agnostic Software Honeypot framework
-
-
-
-
open source software
March 30, 2023
Identify and remediate common cloud risks with the Datadog Cloud Security Atlas
-
research
March 20, 2023
Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research
-
writing
March 13, 2023
Container security fundamentals part 2: Isolation & namespaces
-
writing
February 23, 2023
Container security fundamentals: Exploring containers as processes
-
-
open source software
February 14, 2023
Announcing GuardDog 1.0, with npm support, new heuristics, and easier CI integration
-
research
February 6, 2023
Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console
-
research
January 17, 2023
AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
-
writing
December 29, 2022
Datadog Security Labs 2022 in review: Highlights from our inaugural year
-
research
December 21, 2022
A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins
-
-
writing
December 1, 2022
Attacker persistence in Kubernetes using the TokenRequest API: Overview, detection, and prevention
-
emerging threats and vulnerabilities
November 23, 2022
Investigating a backdoored PyPi package targeting FastAPI applications
-
research
November 21, 2022
A confused deputy vulnerability in AWS AppSync
-
open source software
November 15, 2022
Finding malicious PyPI packages through static code analysis: Meet GuardDog
-
emerging threats and vulnerabilities
November 1, 2022
The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation
-
-
research
October 11, 2022
Improving your AWS Security posture: Key learnings from the State of AWS Security study
-
research
October 5, 2022
State of AWS Security in 2022: A look into real-world AWS environments
-
-
-
-
-
open source software
August 13, 2022
Introducing Threatest, a CLI and Go framework for end-to-end testing of threat detection rules
-
-
-
emerging threats and vulnerabilities
June 7, 2022
The Confluence RCE vulnerability (CVE-2022-26134): Overview, detection, and remediation
-
emerging threats and vulnerabilities
April 1, 2022
The Spring4Shell vulnerability: Overview, detection, and remediation
-
emerging threats and vulnerabilities
March 25, 2022
Escaping containers using the Dirty Pipe vulnerability
-
emerging threats and vulnerabilities
January 28, 2022
The PwnKit vulnerability: Overview, detection, and remediation
-
emerging threats and vulnerabilities
January 28, 2022
The Dirty Pipe vulnerability: Overview, detection, and remediation
-
open source software
January 27, 2022
Elevate AWS threat detection with Stratus Red Team
-
emerging threats and vulnerabilities
December 14, 2021
The Log4j Log4Shell vulnerability: Overview, detection, and remediation
work with us
We're always looking for talented people to collaborate with
featured positions
-
Chief of Staff - Information Security
Security - Engineering
-
Director, Security Engineering - CloudSec, AppSec and AI Security
Security - Engineering
-
Cloud Security Engineer II
Security - Engineering
-
Engineering Manager, Product Detection Engineering (Threat)
Security - Engineering
-
Engineering Manager - Product Security (EMEA)
Security - Engineering
-
Engineering Manager - Security Incident Response
Security - Engineering
We have 22 positions
view all