ALL POSTS

Key Findings 224% return on investment (ROI) over three years $3.8 million net present value (NPV) based on quantified benefits versus costs >25% reduction in overall risk of security breaches Zero breaches reported by interviewed organizations after deploying Airlock Digital Significant operational efficiencies with reduced administrative overhead Background As cyberattacks continue to grow in scale and sophistication, more organizations are turning to application control an

Key Findings Cybersecurity researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer malware. By exploiting the flaw, researchers were able to collect system fingerprints, monitor active sessions, and steal cookies from the infrastructure designed for cookie theft. StealC is a malware-as-a-service (MaaS) offering that emerged in January 2023, leveraging YouTube as a primary distribution

Key Findings: Cybersecurity researchers at Miggo Security have disclosed a security vulnerability in Google Gemini that allows unauthorized access to users' private calendar data. The vulnerability, dubbed "Indirect Prompt Injection," enables threat actors to craft malicious calendar invites that can bypass Google Calendar's privacy controls. When a user asks Gemini a seemingly innocent question about their schedule, the AI chatbot is tricked into parsing the malicious prompt

Key Findings GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. GootLoader runs on an access-as-a-service model and has been known to deliver threats like SunCrypt, REvil, Kronos, and Cobalt Strike. The ZIP file is intentionally broken so many security and analysis tools can't open it, but Windows can, helping the malware avoid detectio

Key Findings A vulnerability in the AWS Console supply chain, dubbed "CodeBreach," could have allowed attackers to seize control of critical AWS infrastructure. The flaw stemmed from a seemingly minor misconfiguration in a regular expression (regex) used to filter pull requests in AWS CodeBuild pipelines. The lack of "start ^ and end $ anchors" in the regex pattern enabled malicious actors to bypass the filter and trigger privileged builds. Wiz researchers were able to exploi

Key Findings OpenAI is launching a new $8 per month "ChatGPT Go" subscription tier, aimed at bridging the gap between free users and the $20 "Plus" tier. The most controversial aspect is the introduction of integrated advertising in both the free and Go tiers, a first for OpenAI. OpenAI is defending the ads as necessary to keep ChatGPT affordable and accessible, but privacy and cybersecurity experts are raising concerns. The company promises "answer independence" and user pri

Key Findings A China-linked APT group, tracked as UAT-8837, has been targeting critical infrastructure sectors in North America since at least 2025. The threat actor has recently exploited a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS 9.0) to gain initial access to target networks. After obtaining a foothold, UAT-8837 deploys a range of open-source tools to harvest sensitive information, including credentials, security configurations, and Active Director

Key Findings AI-enhanced malware is making malware even more difficult to detect AI is used by adversaries to assess, adapt, and move faster than any cyber stack can keep up The industry is trapped in a futile chase, piling on detection tools and adding AI enhancements that still fail to close the foundational gap Enterprises now face an overwhelming flood of alerts, with many organizations reportedly beginning to limit the amount of data they ingest Background AppGuard has r

Key Findings and Insights Preparedness is dangerously low: While 77% of CISOs see third-party risk as a major threat, only 21% have tested crisis response plans in place. Most organizations are blind to vendors: Although 60% report rising third-party breaches, just 41% monitor risk beyond direct suppliers. Shadow AI is creating new attack paths: Despite rapid AI adoption, only 22% of CISOs have formal vetting processes, leaving unmanaged third-party AI tools embedded in core

Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw impacting Gogs, a lightweight, open-source, self-hosted Git service, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110, has a CVSS score of 8.7 and is a path traversal issue in the PutContents API that allows for local execution of code. The flaw is a bypass for a previously patched remote code execution (RCE) vulnerability, CVE-2024-

Key Findings A critical vulnerability (CVE-2025-12420) has been discovered in the ServiceNow AI Platform, allowing unauthenticated attackers to impersonate legitimate users. The vulnerability has a severity score of 9.3 out of 10 and poses a significant risk of privilege escalation. ServiceNow has released security updates to address the flaw, but self-hosted customers and partners need to take immediate action. Background The vulnerability, dubbed CVE-2025-12420, is a failur

Here is the article with the key findings in bullet point format, the background as the first major point, and the headers formatted with ##: Key Findings Threat actors uploaded 8 malicious packages on the npm registry masquerading as n8n workflow automation integrations to steal OAuth credentials One such package, "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit", mimicked a Google Ads integration and prompted users to link their advertising account to siphon the credentials This atta

Here is an article in the requested format: Key Findings Cybersecurity researchers have uncovered two service providers that supply online criminal networks with tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy. Since 2016, Chinese-speaking criminal groups have established industrial-scale scam centers across Southeast Asia, creating special economic zones devoted to fraudulent investment and impersonation operations. These compounds host thous

Key Findings: A massive data breach has exposed the personal information of about 17.5 million Instagram users. The exposed data includes usernames, physical addresses, phone numbers, and email addresses. Cybercriminals have stolen this sensitive information and are selling it in batches on dark web forums. Affected users have reported receiving password reset emails, raising concerns about ongoing phishing attempts. Security experts warn this breach poses serious privacy and

Key Findings Trend Micro patched three vulnerabilities (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console. The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258, with a CVSS score of 9.8. The other vulnerabilities are an unchecked NULL return value Denial of Service (DoS) issue (CVE-2025-69259) and a message out-of-bounds read Denial of Service (DoS) flaw (CVE-2025-69260), both with a

Key Findings: Chinese-speaking threat actors leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit toolkit. The toolkit targeted up to 155 ESXi builds and enabled virtual machine (VM) escape via disabled VMCI drivers and unsigned kernel drivers, potentially paving the way for a ransomware attack. The exploit chain included a sophisticated VM escape and appears to have been developed more than a year before the related VMwa

Key Findings The Astaroth banking Trojan is spreading in Brazil through a WhatsApp worm that automatically sends malicious messages to victims' contacts. The malware uses a Python-based propagation module to harvest the victim's WhatsApp contacts and automatically forward infected ZIP files, enabling self-spreading capabilities. A separate banking module operates silently in the background, monitoring the victim's browsing activity and stealing credentials when banking-relate

Key Findings A critical vulnerability (CVE-2026-21858, CVSS score of 10.0) has been discovered in the n8n workflow automation platform, dubbed "Ni8mare" by researchers. The flaw allows unauthenticated attackers to fully compromise affected n8n instances, exposing sensitive data and potentially leading to further system compromise. The vulnerability affects all versions of n8n prior to and including 1.65.0, and it was fixed in n8n version 1.121.0 in November 2025. Background n

Key Findings: Veeam has released security updates to address critical vulnerabilities in its Backup & Replication software, including a flaw with a CVSS score of 9.0 that could allow remote code execution (RCE). The most severe vulnerability, CVE-2025-59470 (CVSS 9.0), enables a Backup or Tape Operator to achieve RCE as the postgres user by sending a malicious interval or order parameter. Three other vulnerabilities, CVE-2025-55125 (CVSS 7.2), CVE-2025-59469 (CVSS 7.2), and C

Key Findings Threat actors are exploiting misconfigured email routing and spoof protection to impersonate organizations' internal domains and distribute phishing emails. These phishing campaigns leverage phishing-as-a-service (PhaaS) platforms like Tycoon 2FA, delivering a variety of lures related to voicemails, shared documents, HR communications, and password resets. The attack vector is not new, but Microsoft has observed a surge in its usage since May 2025, targeting a wi