enterprise
A new way to think about zero trust for workloads
Static credentials have been a weak point in cloud security for years. A new paper by researchers from SentinelOne takes direct aim at that issue with a practical model for …
Passwordless adoption moves from hype to habit
With the average person juggling more than 300 credentials and credential abuse still the top attack vector, the password’s decline is long overdue. Across every major sector, …
AI agents can leak company data through simple web searches
When a company deploys an AI agent that can search the web and access internal documents, most teams assume the agent is simply working as intended. New research shows how …
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server …
Attackers turn trusted OAuth apps into cloud backdoors
Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain …
Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)
CVE-2025-11371, an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by …
Attackers compromised ALL SonicWall firewall configuration backup files
The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, …
Akira ransomware: From SonicWall VPN login to encryption in under four hours
Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have …
Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)
CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch …
Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352)
Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About …
New framework sets baseline for SaaS security controls
Managing security across dozens or even hundreds of SaaS apps has become a major headache. Each tool has its own settings, permissions, and logs, and most third-party risk …
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)
If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting …
Featured news
Resources
Don't miss
- A new way to think about zero trust for workloads
- Heisenberg: Open-source software supply chain health check tool
- Securing real-time payments without slowing them down
- Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491)
- CISA and partners take action as Microsoft Exchange security risks mount