The Costly Confusion Behind Security Risks
In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real…
Month: August 2025
The Cost of Data Blindness
Exposed Without a Breach: The Cost of Data Blindness Pierluigi Paganini August 05, 2025 These are in plain sight without a Breach. No ransomware. No…
SonicWall urges admins to disable SSLVPN amid rising attacks
SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach…
Hackers Can Steal IIS Machine Keys by Exploit SharePoint Deserialization Vulnerability
A sophisticated attack method where hackers are exploiting a deserialization vulnerability in SharePoint to steal Internet Information Services (IIS) Machine Keys. This enables attackers to…
Threat Actors Exploit Open-Source Vulnerabilities to Spread Malicious Code
FortiGuard Labs has reported a sustained trend in the exploitation of open-source software (OSS) repositories for malware dissemination within supply chain ecosystems. As development workflows…
Unexpected snail mail packages are being sent with scammy QR codes, warns FBI
Receiving an unexpected package in the post is not always a pleasant surprise. The FBI has warned the public about unsolicited packages containing a QR…
HTTP Request Smuggling Explained: with seasoned bug bounty hunter NahamSec and world-class researcher James Kettle
Amelia Coen | 05 August 2025 at 11:08 UTC Ever wondered how attackers can compromise modern websites by exploiting invisible cracks in HTTP infrastructure to…
Android gets patches for Qualcomm flaws exploited in attacks
Google has released security patches for six vulnerabilities in Android’s August 2025 security update, including two Qualcomm flaws exploited in targeted attacks. The two security…
Threat Actors are Actively Exploiting Vulnerabilities in Open-Source Ecosystem to Propagate Malicious Code
The open-source software ecosystem, once considered a bastion of collaborative development, has become an increasingly attractive target for cybercriminals seeking to infiltrate supply chains and…
MediaTek Chip Vulnerabilities Allow Attackers to Gain Elevated Access
MediaTek has disclosed three critical security vulnerabilities affecting dozens of its chipsets, potentially allowing attackers to gain elevated system privileges on affected devices. The vulnerabilities,…
How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents
Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical…
Microsoft increases Zero Day Quest prize pool to $5 million
Microsoft will offer up to $5 million in bounty awards at this year’s Zero Day Quest hacking contest, which the company describes as the “largest…