ALL POSTS
BreachLock Named a Leader in 2026 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for Fourth Consecutive Year
Key Findings: BreachLock named a Leader and Fast Mover in the 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for the third consecutive year. The report evaluated 16 top PTaaS providers based on key feature capabilities, enterprise business requirements, deployment models, and other important decision-making criteria. BreachLock scored highly in all evaluated categories, except for crowdsourcing pentesters, which the company does not offer. BreachLock's in-h
Dec 1, 2025 · 1 min read
Kevin Lancaster Joins the usecure Board to Accelerate ...
Key Findings: Kevin Lancaster, a leading channel expert and tech entrepreneur, has joined the board of usecure as a Non-Executive Director. Lancaster's appointment is expected to accelerate usecure's growth in the North American channel, building on the company's existing momentum and partnerships. usecure provides human risk management solutions for the channel, helping MSPs and internal IT teams reduce cyber risk through behavior change and data-driven insights. The company
Dec 1, 2025 · 2 min read
Zombie Protocol: How NTLM Flaws Like CVE-2024-43451 Are Haunting 2025
Key Findings: Despite being over two decades old, the NTLM authentication protocol remains a critical security liability in 2025. Cybercriminals are actively exploiting newly discovered vulnerabilities to launch sophisticated attacks across the globe. One of the most alarming vulnerabilities is CVE-2024-43451, which allows attackers to steal a user's NTLMv2 hash with virtually no interaction. The vulnerability abuses the MSHTML engine to trigger an NTLM authentication attempt
Nov 28, 2025 · 2 min read
One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM
Key Findings: Gartner recognized One Identity as a Visionary in the 2025 Gartner Magic Quadrant for Privileged Access Management (PAM). Placement as a Visionary reflects the company's emphasis on simplified security, accelerated adoption, and intelligence-driven identity protection. Visionary classification validates One Identity's strategy of blending AI-driven administration, flexible deployment, and customer-first design. Background: According to Gartner, Visionaries are "noted
Nov 27, 2025 · 2 min read
Hidden Danger: Chrome Extension Exploits Solana Wallets
Key Findings: Cybersecurity researchers have discovered a malicious Chrome extension named "Crypto Copilot" that injects hidden Solana transfer fees into Raydium swap transactions. The extension silently appends an extra transfer instruction to each swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade amount to an attacker-controlled wallet. The malicious behavior is concealed through obfuscation techniques, and the extension's user interface only shows the legitimate
Nov 27, 2025 · 2 min read
Critical Flaw in Ray AI Platform Exploited via Safari and Firefox (CVE-2025-62593)
Key Findings: A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-62593, has been discovered in the Ray framework. The vulnerability allows attackers to execute arbitrary code on a developer's machine via a malicious website or advertisement, targeting users of Safari and Firefox. The attack exploits a flaw in how Ray handles local API requests, bypassing the framework's defense mechanism that relies on checking the User-Agent header. Background: Ray is a
Nov 26, 2025 · 2 min read
Microsoft Teams Guest Chat Flaw Exposes Users to Malware Attacks
Key Findings: Microsoft Teams' "Guest Access" feature allows attackers to bypass security controls like Microsoft Defender for Office 365, creating a "protection-free zone" for malware delivery. Attackers can easily create basic Microsoft 365 accounts without security features and use them to send phishing links and malware to guest users. A recent Microsoft feature that allows any Teams user to start a chat with any email address makes it even easier for attackers to lure vic
Nov 26, 2025 · 2 min read
INE Extends Cross-Skilling Initiatives
Key Findings: INE, the leading provider of hands-on IT and Cybersecurity training, announced a significant expansion of its learning portfolio. The new content includes courses, hands-on labs, and certification prep resources designed to help professionals cross-skill and upskill. INE's training model emphasizes hands-on learning, scenario-based exercises, and progressive skill-building paths. INE is offering limited-time pricing during the Black Friday period, providing reduc
Nov 26, 2025 · 2 min read
Detego Global Launches Case Management Platform for Digital Forensics and Incident Response Teams
Key Findings: Detego Global, the company behind the award-winning Unified Digital Forensics Platform, has launched Detego Case Manager for DFIR, a powerful case management platform for digital forensics and incident response (DFIR) teams. The new platform addresses the real-world challenges of managing high-volume, complex digital investigations across multiple locations and touchpoints, whether on-scene or in the laboratory. Detego Case Manager for DFIR delivers full-spectru
Nov 25, 2025 · 2 min read
CISA Warns of Spyware Targeting Signal and WhatsApp Users
Key Findings: CISA has issued an alert warning of threat actors actively using commercial spyware and remote access trojans (RATs) to target users of mobile messaging apps like Signal and WhatsApp. The attackers employ sophisticated social engineering and targeting techniques to deliver spyware and gain unauthorized access to victims' messaging apps, enabling further device compromise. The targeting appears opportunistic but often focuses on high-value individuals such as gove
Nov 25, 2025 · 2 min read
Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Key Findings: Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags. Successful exploitation of the flaws could enable attackers to disrupt cloud services, manipu
Nov 25, 2025 · 2 min read
Elite Cyber Veterans Launch Blast Security with $10M to Revolutionize Cloud Security
Key Findings: Blast Security, a cybersecurity startup, has launched from stealth with a $10 million seed round co-led by 10D and MizMaa Ventures. The company is founded by industry veterans from Solebit (acquired by Mimecast) and elite IDF units. Blast is introducing a new operating model for cloud security with its first-of-its-kind Preemptive Cloud Defense Platform. The platform replaces reactive response with continuous prevention, turning native cloud control into a preven
Nov 24, 2025 · 2 min read
Critical 7-Zip Vulnerability With Public Exploit Requires Immediate Update
Key Findings: A critical vulnerability, tracked as CVE-2025-11001, has been discovered in the popular file-compression tool 7-Zip. The flaw, which is a Directory Traversal Remote Code Execution (RCE) vulnerability, has a public exploit available. The vulnerability poses a high-risk warning from the UK's NHS England Digital, though active exploitation has not been observed yet. The issue was discovered by researchers at GMO Flatt Security Inc. and revealed by Trend Micro's Zero
Nov 24, 2025 · 2 min read
Grafana Patches Critical SCIM Flaw Enabling Impersonation and Privilege Escalation
Key Findings: Grafana has patched a critical vulnerability (CVE-2025-41115) in its SCIM (System for Cross-domain Identity Management) implementation with a CVSS score of 10.0. The flaw could allow a malicious or compromised SCIM client to provision a user with a numeric `externalId`, enabling potential impersonation or privilege escalation under certain configurations. The vulnerability affects Grafana Enterprise versions from 12.0.0 to 12.2.1 and has been addressed in Grafana
Nov 22, 2025 · 2 min read
SEC Drops Case Against SolarWinds After Years of Cybersecurity Scrutiny
Key Findings: The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer Timothy G. Brown. The SEC alleged in 2023 that SolarWinds and Brown had misled investors about the security practices that led to the 2020 supply chain attack, which was attributed to a Russian state-sponsored threat actor. However, in July 2024, many of these allegations were thrown out by the U.S. District Court for the South
Nov 21, 2025 · 2 min read
New Sturnus Banking Trojan Targets WhatsApp, Telegram, and Signal
Key Findings: Sturnus is a new Android banking trojan with full device-takeover capabilities. It targets secure messaging apps like WhatsApp, Telegram, and Signal to bypass encryption and steal sensitive data. Sturnus employs sophisticated techniques like HTML overlays and accessibility-based keylogging to capture on-screen content, including messages, contacts, and credentials. The malware enables remote control of infected devices through screen mirroring and a structured UI ma
Nov 21, 2025 · 2 min read
How Sturnus Android Trojan Steals Your Encrypted Chats and Hijacks Your Device
Key Findings: New Android banking trojan called Sturnus enables credential theft and full device takeover for financial fraud. Key differentiator is ability to bypass encrypted messaging on apps like WhatsApp, Telegram, and Signal. Captures content directly from device screen after decryption, allowing monitoring of private communications. Stages overlay attacks to steal banking credentials and leverages accessibility services for extensive device control. Blocks uninstallation at
Nov 20, 2025 · 2 min read
Coordinated Crackdown: Five Eyes Target Bulletproof Hosting Providers Enabling Ransomware Operations
Key Findings: The U.S. Treasury Department, along with officials from the U.K. and Australia, imposed sanctions on two Russian bulletproof hosting providers and their key personnel. The targeted providers, Media Land and its subsidiaries, are accused of supporting ransomware operations and other cybercrime activities. The sanctions also targeted individuals and companies that helped the previously sanctioned Aeza Group evade sanctions and reconstitute their operations. Cybercr
Nov 20, 2025 · 2 min read
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
Key Findings: A recently disclosed security vulnerability in 7-Zip, CVE-2025-11001 (CVSS score: 7.0), is being actively exploited in the wild. The vulnerability allows remote attackers to execute arbitrary code by exploiting improper handling of symbolic links in ZIP files. Proof-of-concept (PoC) exploits for the flaw have been publicly released, making it essential for 7-Zip users to update to the patched version 25.00 as soon as possible. The vulnerability can only be exploi
Nov 20, 2025 · 2 min read
IT threat evolution in Q3 2025. Mobile statistics - Malware News
Key Findings: In Q3 2025, Kaspersky Security Network prevented 47 million attacks involving mobile malware, adware, or unwanted software. Trojans were the most widespread mobile malware, affecting 15.78% of attacked users. Over 197,000 malicious installation packages were discovered, including 52,723 associated with mobile banking Trojans and 1,564 identified as mobile ransomware. Background: The Kaspersky Security Network (KSN) is a global network for analyzing anonymized thre
Nov 19, 2025 · 2 min read

