Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file …
Threat actors are scanning your environment, even if you’re not
In a world where organizations’ digital footprint is constantly changing and attackers regularly capitalize on security failings in exposed IT assets, making the effort to …
GoSearch: Open-source OSINT tool for uncovering digital footprints
GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track …
Ransomware attacks are getting smarter, harder to stop
Ransomware attacks are becoming more refined and pervasive, posing significant challenges to organizations globally. A Veeam report reveals that while the percentage of …
Most critical vulnerabilities aren’t worth your attention
Web applications face a wide range of risks, including known-exploitable vulnerabilities, supply chain attacks, and insecure identity configurations in CI/CD, according to the …
Week in review: MITRE ATT&CK v17.0 released, PoC for Erlang/OTP SSH bug is public
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs MITRE has …
Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). …
Flexible working models fuel surge in device theft
76% of respondents have been impacted by incidents of device theft in the past two years, with incidents more common in organizations with more flexible working models, …
Exposure validation emerges as critical cyber defense component
Organizations have implemented various aspects of threat exposure validation, including security control validation (51%) and filtering threat exposures based on the …
13 core principles to strengthen AI cybersecurity
The new ETSI TS 104 223 specification for securing AI provides reliable and actionable cybersecurity guidance aimed at protecting end users. Adopting a whole-lifecycle …
Top must-visit companies at RSAC 2025
RSAC 2025 Conference is taking place at the Moscone Center in San Francisco from April 28 – May 1. With hundreds of booths, countless product demos, and nonstop buzz, …
New infosec products of the week: April 25, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, PowerDMARC, Skyhawk Security, Stellar Cyber, Swimlane, and Veracode. …
Featured news
Resources
Don't miss
- How FinTechs are turning GRC into a strategic enabler
- Secretless Broker: Open-source tool connects apps securely without passwords or keys
- Product showcase: Protect your data with Apricorn Aegis Secure Key 3NXC
- Microsoft introduces protection against email bombing
- Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)