Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Vulnerability Management as a Service (VMaaS): Benefits and Considerations
In the era of digital transformation, businesses are increasingly relying on technology to drive innovation and growth. However, this dependence comes with the heightened risk of cyber threats. To protect sensitive data and maintain operational integrity, organizations recognize the growing need for robust cybersecurity solutions.
Are YOU impacted by this Next.js Vulnerability?
Are YOU impacted by this Next.js Vulnerability?
Bypassing Tenant Isolation in Microsoft Power Platform: A Security Loophole You Should Know
Microsoft Power Platform, specifically Power Automate and Copilot Studio, makes it easy for organizations to quickly build automations and AI agents. To keep them secure and compliant, Tenant Isolation is a critical feature designed to prevent unauthorized cross-tenant communication. However, in our latest research, we discovered a high-severity vulnerability that bypasses Tenant Isolation policies using the HTTP Connector - potentially exposing sensitive data and enabling unauthorized actions.
Unmasking EncryptHub: Help from ChatGPT & OPSEC blunders
This is the second part of Outpost24’s KrakenLabs investigation into EncryptHub, an up-and-coming cybercriminal who has been gaining popularity in recent months and is heavily expanding and evolving operations at the time of writing. We’ve already published one article explaining EncryptHub’s campaigns and TPPs, infrastructure, infection methods, and targets.
Supporting CTEM Scoping with Exposure Assessment Platforms
In our recent article on Continuous Threat Exposure Management (CTEM), we highlighted how exposure assessment platforms (EAPs) like Nucleus can support several critical phases of the CTEM framework. In that article, we intentionally separated the scoping step from the other technology-dependent CTEM stages. Scoping begins as a business- and process-driven exercise. However, doing scoping well and at scale relies more on having the right technology.
Achieving Continuous Exposure Management in Cloud-Native Environments
In this webinar, "Achieving Continuous Exposure Management in Cloud-Native Environments," Tally Netzer and Aaron Unterberger from Nucleus dive deep into how modern cloud architectures impact vulnerability and exposure management. You'll learn: Why traditional vulnerability management falls short in cloud-native, ephemeral environments. How fragmented visibility and unclear ownership disrupt effective security practices.
CVE-2025-22457: Ivanti Connect Secure VPN Vulnerable to Zero-Day RCE Exploitation
On April 3, 2025, Ivanti disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This stack-based buffer overflow allows remote unauthenticated threat actors to achieve remote code execution (RCE) and has been exploited in the wild. At the time of writing, exploitation has only been observed in Connect Secure, not Policy Secure or ZTA Gateway.
