“Open WebUI stores the JWT token in localStorage,” Cato researchers said in a blog post. “Any script running on the page can access it. Tokens are long-lived by default, lack HttpOnly, and are cross-tab. When combined with the execute event,… Read More "Open WebUI bug turns the ‘free model’ into an enterprise backdoor"
Jaguar Land Rover (JLR) continues to suffer the aftermath of the major cyber-attack in late August that disrupted its operations between September and November. According to a financial statement published on January 5 by its owner, Tata Motors, the UK-based… Read More "Jaguar Land Rover’s Q3 Sales Crash Amid Cyber-Attack Fallout"
The National Institute of Standards and Technology (NIST) has issued special publications focused on improving Third-Party Risk Management (TPRM) and Supply Chain Risk Management (SCRM). The NIST Cyber Security Framework (NIST CSF) special publication has become a popular option for… Read More "Meeting the Third-Party Risk Requirements of NIST CSF in 2026"
CRIL has identified a commodity loader being leveraged by various threat actors in targeted email campaigns. Executive Summary CRIL (Cyble Research and Intelligence Labs) has been tracking a sophisticated commodity loader utilized by multiple high-capability threat actors. The campaign demonstrates… Read More "Unmasking The Loader Used In Targeted Email Campaigns"
ISO 27001:2022 compliance provides greater assurance that an organization is adequately managing its cybersecurity practices, such as protecting personal data and other types of sensitive data. Third-party risk management (TPRM) programs can benefit immensely from implementing the relevant ISO 270001… Read More "Meeting the Third-Party Risk Requirements of ISO 27001 in 2026"
Singapore Cyber Agency Warns of Critical IBM API Connect Vulnerability (CVE-2025-13915) A critical authentication bypass flaw, CVE-2025-13915, affects IBM API Connect. Singapore issues alert as IBM releases fixes. Overview The Cyber Security Agency of Singapore has issued an alert regarding a critical vulnerability affecting IBM… Read More "Critical IBM API Connect Flaw CVE-2025-13915 Alert"
Organizations face a complex cybersecurity conundrum. Attack surfaces are expanding faster than SOC teams can scan. All of which is leading to a never-ending cycle of swivel-chair security, context-free lists, increased alert fatigue, and slow remediation. The strategic pivot needed… Read More "A Practical Approach to Continuous Threat Exposure Management"
Jan 06, 2026Ravie LakshmananVulnerability / Web Security Users of the “@adonisjs/bodyparser” npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to… Read More "Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers"
6. Appoint — and empower — deputies High-performing teams have CISOs who know they can’t do everything on their own and instead rely on deputies to help carry the load, says Steve Martano, faculty at IANS Research and a partner… Read More "6 strategies for building a high-performance cybersecurity team"
Email security refers to various cybersecurity measures to secure the access and content of an email account or service. Proper email security can protect sensitive information in email communications, prevent phishing attacks, spear phishing and email spoofing and protect against unauthorized access, loss or compromise of one… Read More "What Is Email Security? Best Practices for 2026"
