Our news
-
Burnout and Alert Fatigue in Cybersecurity
Cybersecurity workers operate in an environment where they must protect against the constantly evolving tactics of cyber criminals. Often the systems created to support defensive operations can generate excessive noise for analysts who must filter through a flood of alerts which frequently contain numerous false positives. When cybersecurity professionals face these relentless streams of alerts, they can…
-
Vulnerability Summary for the Week of April 21, 2025
High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source Info). AdeptLanguage–Adept: Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run’s GITHUB_TOKEN.…
-
Vulnerability Summary for the Week of April 14, 2025
High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source Info). apple — macos: A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in…
-
CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise
CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remain unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications,…
-
Beware of the Tax Trap
It’s that time of year again, tax season, and if you are anything like me and most of my friends who keep saying “I need to file my taxes” all the way until April 14th, you know that day is here. Don’t worry, millions of Americans are scrambling to file their 2024 returns before tomorrow’s…
-
A Seismic Shift in Cryptography and Cybersecurity
The field of cybersecurity is staring down the barrel of a fundamental shift in how we look at security and encryption, and quantum computers are holding the business end of this particular boom stick. A computer’s thought process will run in the binary code known as bits, where 1s and 0s are processed in order.…
-
Vulnerability Summary for the Week of April 7, 2025
High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source Info). n/a — n/a: A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to…
-
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities
Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet RCE vulnerabilities within FortiOS and FortiGate products. This malicious file could enable read-only access to files on the devices’ file system, which may include configurations. See the following resource for more information: Analysis of Threat Actor Activity | Fortinet Blog…
-
Future Advancements Call for Future Defenses Today
The days of “Password12345” are long gone, but what about something more complex? Most websites and applications require that your password meet certain complexity requirements, such as a special character, a minimum length, and a number, e.g. “Pa$&w0rd12345islong!”. However, we have all done it before; you forget your password to an account, or maybe…
-
Vulnerability Summary for the Week of March 31, 2025
High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source Info). Aboobacker.–AB Google Map Travel: Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel: from n/a through 4.6. Published 2025-03-31; CVSS score 7.1; source CVE-2025-31613. acme.sh project–acme.sh: The Docker image from acme.sh before 40b6db6…