Latest News
Organizations are seeking assistance to fix critical vulnerabilities. Solutions that orchestrate and automate network device protection put us on the right path.
Phishers are abusing Apple and Microsoft infrastructure to send out call-back phishing emails with legitimate sender and return addresses.
Paris, France, 2025 – iExec has announced the deployment of its privacy framework on Arbitrum, enabling the creation…
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,…
The China-backed threat actors have used the previously undiscovered infrastructure to obtain long-term, stealthy access to targeted organizations.
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the
Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin.
There is a serialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data. Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are adviced to review their use of JNDI URI for JCR lookup.
When Attackers Get Hired: Today’s New Identity Crisis What if the star engineer you just hired isn’t actually an employee, but an attacker in disguise? This isn’t phishing; it’s infiltration by onboarding. Meet “Jordan from Colorado,” who has a strong resume, convincing references, a clean background check, even a digital footprint that checks out. On day one, Jordan logs into email and attends
A list of topics we covered in the week of September 1 to September 7 of 2025