top of page
ALL POSTS
ServiceNow Security Incident Exposes Customer Data and Unauthorized Access
Key Findings ServiceNow applied a security update on June 5, 2026 to address an unauthenticated access vulnerability affecting hosted customer instances The flaw allowed unauthorized users to gain elevated access to ServiceNow instances and query customer data Evidence shows successful data access occurred for a subset of customers between June 2-4, 2026 The vulnerability stems from an API endpoint configuration that did not require authentication Community reports allege Ser
Jun 103 min read
Trellix Confirms Source Code Breach Following Unauthorized Repository Access
Key Findings Trellix discovered unauthorized access to a portion of its source code repository Company engaged forensic experts and notified law enforcement immediately upon discovery No evidence found that source code was altered, exploited, or used in malicious distribution Identity of attackers and duration of access remain unknown Exact nature of accessed data has not been disclosed Investigation ongoing with additional details expected upon completion Background Trellix
May 22 min read
Identity-Based Attacks: How Adversaries Bypass Security by Walking Through the Front Door
Key Findings Stolen credentials remain the most reliable initial access vector for attackers, despite industry focus on zero-days and sophisticated exploits Identity-based attacks are accelerating due to AI automation of credential testing, custom tooling development, and phishing sophistication Traditional linear incident response models fail against real-world breaches that evolve and expand unpredictably The Dynamic Approach to Incident Response (DAIR) uses iterative loops
Apr 213 min read
Sangoma FreePBX Vulnerability Exploited, Impacts Over 900 Instances
Key Findings About 900 Sangoma FreePBX systems were infected with web shells after attackers exploited a command injection flaw. Hundreds of Sangoma FreePBX instances are still infected with web shells following attacks that began in December 2025. The campaign exploited a post-authentication command injection vulnerability, tracked as CVE-2025-64328 (CVSS score of 8.6), in the endpoint manager interface. The Shadowserver Foundation reports that around 900 FreePBX instances a
Mar 12 min read
Detego Global Launches Case Management Platform for Digital Forensics and Incident Response Teams
Key Findings: Detego Global, the company behind the award-winning Unified Digital Forensics Platform, has launched Detego Case Manager for DFIR, a powerful case management platform for digital forensics and incident response (DFIR) teams. The new platform addresses the real-world challenges of managing high-volume, complex digital investigations across multiple locations and touchpoints, whether on-scene or in the laboratory. Detego Case Manager for DFIR delivers full-spectru
Nov 25, 20252 min read
bottom of page
