Our news

  • Your Devices May Be Spying on You — And You Would Never Know

    If you shop online frequently, you may have noticed an increase in the number of electronic products sold by obscure, unheard-of companies. Many of these products come with unbelievably affordable prices: a 4K projector with dual-band WiFi 6, 5G wireless, Bluetooth 5.2, and Android 13 for $54. What a deal. It almost

  • CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems

    The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20127 and CVE-2022-20775 to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 25, 2026. As

  • Salesforce Breaches 2025

    The second half of the year came with several waves of Salesforce-related breach incidents. Starting in August, researchers first linked the threat actors UNC6395/ShinyHunters. They were conducting a widespread campaign that targeted Salesforce environments by using compromised OAuth tokens linked to Salesloft’s Drift AI customer-engagement integration. The second wave can be considered more of a

  • Vulnerability Summary for the Week of February 2, 2026

    High Vulnerabilities
    Primary Vendor — Product: Insaat–Fikir Odalari AdminPando
    Description: A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access

  • Vulnerability Summary for the Week of January 26, 2026

    High Vulnerabilities
    Primary Vendor — Product: 10-Strike Software–Bandwidth Monitor
    Description: 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application’s registration key input,

  • Vulnerability Summary for the Week of January 19, 2026

    High Vulnerabilities
    Primary Vendor — Product: Agatasoft–AgataSoft PingMaster Pro
    Description: AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into

  • Vulnerability Summary for the Week of January 12, 2026

    High Vulnerabilities
    Primary Vendor — Product: 10-Strike–Strike Network Inventory Explorer Pro
    Description: 10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text file with carefully constructed payload to trigger a reverse

  • Vulnerability Summary for the Week of January 5, 2026

    High Vulnerabilities
    Primary Vendor — Product: AA-Team–Amazon Native Shopping Recommendations
    Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection. This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3.
    Published: 2026-01-05
    CVSS Score: 9.3
    Source Info: CVE-2025-30633
    Patch Info: https://vdp.patchstack.com/database/wordpress/plugin/woozone-contextual/vulnerability/wordpress-amazon-native-shopping-recommendations-plugin-1-3-sql-injection-vulnerability?_s_id=cve
    Primary Vendor — Product: AA-Team–Premium Age

  • Artificial Intelligence Threat Landscape

    Artificial Intelligence (AI) is one of the fastest-growing aspects of the tech industry. Whether for professional or personal use, AI is a part of almost everyone’s life, from Google searches to work applications. As AI capabilities expand and more use cases emerge, the risk of exploitation also increases. While AI is a tool that IT

  • Vulnerability Summary for the Week of December 29, 2025

    High Vulnerabilities
    Primary Vendor — Product: SmarterTools–SmarterMail
    Description: Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
    Published: 2025-12-29
    CVSS Score: 10
    Source Info: CVE-2025-52691
    Patch Info: https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/
    Primary Vendor — Product: MiniDVBLinux–MiniDVBLinux
    Description: MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows
