Inconsistent security strategies fuel third-party threats
47% of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network, according to Imprivata and the …
New infosec products of the week: February 14, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Armor, EchoMark, Netwrix, Palo Alto Networks, and Socure. Palo Alto Networks Cortex …
North Korean hackers spotted using ClickFix tactic to deliver malware
North Korean state-sponsored group Kimsuky (aka Emerald Sleet, aka VELVET CHOLLIMA) is attempting to deliver malware to South Korean targets by leveraging the so-called …
Sandworm APT’s initial access subgroup hits organizations accross the globe
A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is …
PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)
Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept …
The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance
The United Kingdom government has secretly requested that Apple build a backdoor into its iCloud service, granting the government unrestricted access to users’ private data. …
Over 3 million Fortune 500 employee accounts compromised since 2022
More than three million employee-linked corporate accounts were compromised between 2022 and 2024 across Fortune 500 companies, according to Enzoic. This surge is fueled by …
Making sense of database complexity
IT leaders are grappling with increasingly complex database environments. According to a new survey from Redgate, key concerns include protecting sensitive data, navigating …
It’s time to secure the extended digital supply chain
Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they …
SysReptor: Open-source penetration testing reporting platform
SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals. You can optimize your …
Silent breaches are happening right now, most companies have no clue
The breaches and ransomware attacks of 2024 highlighted systemic vulnerabilities, demonstrating how third-party and fourth-party dependencies amplify risks across industries, …
CEOs must act now to embrace AI or risk falling behind
While 4 out of 5 CEOs recognize AI’s potential, many worry gaps in their understanding will impact strategic decisions, risking missed opportunities and falling behind …