Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Prophylactic Cybersecurity for Healthcare

In healthcare, preventative medicine is always more effective, less costly, and has better outcomes than waiting until after a serious heart incident occurs. It’s an apt analogy for cybersecurity as well. Prophylactic (preventative) care in cybersecurity yields far better outcomes than constantly scrambling to respond to critical incidents. Yet, many healthcare organizations find themselves buried by an avalanche of newly discovered vulnerabilities and regulatory pressures.

Emerging Threat: Ivanti CVE-2025-22457

CVE-2025-22457, a critical vulnerability (CVSS 9.0) affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. The issue stems from a stack-based buffer overflow triggered by sending a specially crafted X-Forwarded-For HTTP header. Successful exploitation enables unauthenticated remote code execution. This vulnerability was originally misidentified as a buffer overflow vulnerability that could not lead to either remote code execution (RCE) or denial of service (DoS).

Exploited: Critical Unauthenticated Access Vulnerability in CrushFTP (CVE-2025-2825)

In the ever-evolving landscape of web application vulnerabilities, a new critical flaw has emerged. CVE-2025-2825 is a high-severity vulnerability that allows attackers to bypass authentication on CrushFTP servers. This popular enterprise file transfer solution is often used in corporate environments to manage sensitive data, making this vulnerability particularly concerning.

IONIX Unveils Parked Domain Classification

IONIX is proud to announce the launch of our new Parked Domain Classification capability within our Exposure Management platform. This feature enables security teams to intelligently categorize and monitor parked domains as distinct assets, significantly reducing alert noise while maintaining comprehensive visibility across your entire domain portfolio.

Emerging Threat: Next.js CVE-2025-29927

A critical improper authorization vulnerability (CVSS 9.1) in Next.js, tracked as CVE-2025-29927, was publicly disclosed on March 21, 2025. Next.js is a popular React-based web framework used for building full-stack applications. This vulnerability impacts applications that utilize middleware for authorization checks. Middleware functions used to implement access control, session validation, redirects, or security headers on incoming HTTP requests.

Exploited! Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747)

Recently, two critical security flaws were discovered in Kentico Xperience 13, a popular digital experience platform (CMS). Tracked as CVE-2025-2746 and CVE-2025-2747, these vulnerabilities allow unauthenticated attackers to bypass the Staging Sync Server’s authentication, potentially gaining administrative control over the CMS.

Knocknoc Raises Seed Funding to Scale Its Just-In-Time Network Access Control Technology

Sydney-based cybersecurity software company Knocknoc has raised a seed round from US-based venture capital firm Decibel Partners with support from CoAct and SomethingReal. The funding will support go-to-market, new staff, customer onboarding and product development. The company has appointed Adam Pointon as Chief Executive Officer. "The opportunity here is limitless," Pointon said. "You'd be hard pressed to find an organisation that couldn't benefit in some way from using Knocknoc.".

Spotlight on Technology: Mastering Attack Surface Management with Censys

In our latest episode, join me, James Rees, for a chat with Nick Palmer from Censys about the critical importance of attack surface management. With 25 years of experience in the industry, Nick explains how today's threat landscape has evolved dramatically, with attackers now discovering vulnerabilities within hours rather than weeks. We explore the challenges of maintaining visibility across expanding digital footprints, particularly with cloud adoption creating new blind spots for security teams.

Exploited! Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)

Apache Tomcat recently disclosed a critical security vulnerability, CVE-2025-24813, affecting several versions of its widely used servlet container. This vulnerability arises from improper handling of path equivalence checks involving filenames with internal dots (file…txt). Exploitation could result in unauthorized information disclosure, file manipulation, and even remote code execution (RCE).

How Sedara ASM Transforms Cybersecurity for Your Business

Cybersecurity has advanced beyond the reliance on firewalls and antivirus software. As cyber threats become more sophisticated and unpredictable, traditional security tools alone are no longer enough. Modern attacks exploit unknown, unmanaged, and overlooked assets, making Attack Surface Management (ASM) essential for a proactive and comprehensive defense.