News

Five fundamentals for a cyber-resilient future

Bys s July 23, 2025

How to stay adaptive and reduce risk in an evolving threat landscape.

News

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
Bys s March 24, 2025

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of

Read More Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
News

Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc
Bys s October 29, 2025

BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge. Introduction The next major breach won’t be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it’s the “ghost” identity from a 2015 breach lurking…

Read More Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc
News

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
Bys s July 20, 2025

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an “active, large-scale” exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by the tech giant as part…

Read More Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
News

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Bys s April 23, 2025

Multiple threat activity clusters with ties to North Korea (aka Democratic People’s Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. “The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North…

Read More DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
News

Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Bys s July 18, 2025

Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. “The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android’s open-source software (Android Open Source Project), which lacks Google’s security protections,”

Read More Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
News

How SSL Misconfigurations Impact Your Attack Surface
Bys s April 2, 2025

When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights how important your SSL configurations are in maintaining your web application security and

Read More How SSL Misconfigurations Impact Your Attack Surface

Similar Posts