enterprise

Cisco email security appliances rooted and backdoored via still unpatched zero-day

Cisco email security appliances rooted and backdoored via still unpatched zero-day 2025-12-17 at 21:47 By Zeljka Zorz A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard […]

Cisco email security appliances rooted and backdoored via still unpatched zero-day Read More »

Enterprise password audits made practical for busy security teams

Enterprise password audits made practical for busy security teams 2025-12-01 at 08:36 By Sinisa Markovic Security teams carry a heavy load, and password risk is one of the most overlooked parts of that workload. Every year new systems, cloud tools, and shared services add more credentials into the mix. Some sit in proper vaults, others

Enterprise password audits made practical for busy security teams Read More »

CISOs are cracking under pressure

CISOs are cracking under pressure 2025-11-11 at 10:29 By Sinisa Markovic Cybersecurity leaders are hitting their limit. A new report from Nagomi Security shows that most CISOs are stretched thin, dealing with nonstop incidents, too many tools, and growing pressure from their boards. The pressures are so intense that many say they are burned out

CISOs are cracking under pressure Read More »

A new way to think about zero trust for workloads

A new way to think about zero trust for workloads 2025-11-03 at 09:10 By Mirko Zorz Static credentials have been a weak point in cloud security for years. A new paper by researchers from SentinelOne takes direct aim at that issue with a practical model for authenticating workloads without long-lived secrets. Instead of relying on

A new way to think about zero trust for workloads Read More »

Passwordless adoption moves from hype to habit

Passwordless adoption moves from hype to habit 2025-10-31 at 08:00 By Anamarija Pogorelec With the average person juggling more than 300 credentials and credential abuse still the top attack vector, the password’s decline is long overdue. Across every major sector, organizations are changing how users log in, and new data shows the shift is picking

Passwordless adoption moves from hype to habit Read More »

AI agents can leak company data through simple web searches

AI agents can leak company data through simple web searches 2025-10-29 at 10:24 By Mirko Zorz When a company deploys an AI agent that can search the web and access internal documents, most teams assume the agent is simply working as intended. New research shows how that same setup can be used to quietly pull

AI agents can leak company data through simple web searches Read More »

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) 2025-10-24 at 15:38 By Zeljka Zorz Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server Update Services (WSUS) that is reportedly being exploited in the wild. About CVE-2025-59287 WSUS is a tool that helps

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) Read More »

Attackers turn trusted OAuth apps into cloud backdoors

Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or

Attackers turn trusted OAuth apps into cloud backdoors Read More »

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371) 2025-10-10 at 13:40 By Zeljka Zorz CVE-2025-11371, a unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by attackers in the wild. While Gladinet is aware of the vulnerability and of its active exploitation, a

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371) Read More »

Attackers compromised ALL SonicWall firewall configuration backup files

Attackers compromised ALL SonicWall firewall configuration backup files 2025-10-09 at 15:41 By Zeljka Zorz The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. Early reports suggested

Attackers compromised ALL SonicWall firewall configuration backup files Read More »

Akira ransomware: From SonicWall VPN login to encryption in under four hours

Akira ransomware: From SonicWall VPN login to encryption in under four hours 2025-09-29 at 18:47 By Zeljka Zorz Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have warned. Armed with SonicWall SSL VPN credentials stolen in earlier

Akira ransomware: From SonicWall VPN login to encryption in under four hours Read More »

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) 2025-09-26 at 17:50 By Zeljka Zorz CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) Read More »

Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352)

Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352) 2025-09-25 at 15:33 By Zeljka Zorz Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About CVE-2025-20352 Cisco IOS software can be found on older models of Cisco Catalyst switches, Integrated

Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352) Read More »

New framework sets baseline for SaaS security controls

New framework sets baseline for SaaS security controls 2025-09-25 at 10:12 By Anamarija Pogorelec Managing security across dozens or even hundreds of SaaS apps has become a major headache. Each tool has its own settings, permissions, and logs, and most third-party risk processes only look at the vendor’s overall security, not the app itself. That

New framework sets baseline for SaaS security controls Read More »

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035) 2025-09-22 at 14:20 By Zeljka Zorz If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting your instance compromised via CVE-2025-10035. About CVE-2025-10035 CVE-2025-10035 is a critical deserialization

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035) Read More »

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents 2025-09-16 at 15:46 By Zeljka Zorz All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira ransomware attacks Managed security service providers and external incident responders have had a

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents Read More »

Most enterprise AI use is invisible to security teams

Most enterprise AI use is invisible to security teams 2025-09-15 at 10:38 By Mirko Zorz Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. This blind spot is growing as AI

Most enterprise AI use is invisible to security teams Read More »

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers 2025-09-09 at 09:46 By Zeljka Zorz Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers Read More »

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) 2025-09-05 at 15:03 By Zeljka Zorz A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) has warned on Friday. Their alert seems to be based on a report

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) Read More »

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) 2025-09-04 at 14:48 By Zeljka Zorz A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) Read More »

Scroll to Top