
The Coinbase Hack: Lessons for Businesses

The recent attack on Coinbase - one of the largest and most regulated crypto exchanges - is yet another reminder that custodial infrastructure is far from safe. In this article, the BitHide team explains what happened, why custodial platforms are insecure, and what solutions help businesses work with crypto confidentially.

The Hidden Cost of Field Service Inefficiencies: What You're Not Seeing on the Balance Sheet

Managing field operations is a lot like repairing a leaky pipe: you see the water, but not always the source. As someone who has spent over a decade overseeing technicians, tools, and tasks across multiple sites, I've learned that the biggest budget drain often comes from things that don't show up on a line item: delays, miscommunication, and time spent chasing information. These inefficiencies rarely make headlines, but they're bleeding money from service organizations. Let's break down how.

GIFTEDCROOK's Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations

The Arctic Wolf Labs team has discovered that the cyber-espionage group UAC-0226, known for utilizing the infostealer GIFTEDCROOK, has significantly evolved its capabilities. It has transitioned the malware from a basic browser data stealer (which we’re referring to as v1), through two new upgrades (v1.2 and v1.3), into a robust intelligence-gathering tool. Analysis of early files from February 2025 suggests that the GIFTEDCROOK project began as a demo during that period.

CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

On June 25, 2025, Cisco released patches for two maximum-severity vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-Passive Identity Connector (ISE-PIC). Both flaws allow unauthenticated, remote threat actors to execute commands on the underlying operating system with root privileges via exposed HTTPS APIs. Although similar in outcome, the vulnerabilities are independent and do not require each other to be exploited.

Outdated Routers: The Hidden Threat to Network Security, FBI Warns

When was the last time you updated your router? If you’re not sure, you’re not alone, and this uncertainty could pose a serious risk to your business. The FBI recently warned that malicious actors are targeting end-of-life (EOL) routers (network devices that manufacturers no longer support or update). These outdated routers are being hijacked by bad actors who use them as a stepping stone into networks, turning them into cybercriminal proxies. The threat is real, and it’s growing.

Legacy Partnerships Are Costing You Customers: Power Up with Cato's Private PoP

Having spent over two decades navigating the evolving landscape of service provider partnerships, I’ve witnessed firsthand how challenging it can be for providers to maintain profitability and differentiation. Increasingly, relying on legacy vendors feels akin to selling customers a shiny new car equipped with an outdated engine—appealing at first glance but disappointing once in use.

Securing AI code at the source: Mend.io now integrates with Cursor AI Code Editor

AI is reshaping software development quickly. From boilerplate generation to test automation and refactoring, LLMs like the one behind Cursor are transforming how developers build. But with great power comes a new generation of vulnerabilities. At Mend.io, we’re excited to announce a native integration with Cursor, the IDE taking the dev world by storm.