Jun 26, 2025Ravie LakshmananOpen Source / Vulnerability Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing… Read More "Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks"
Jun 26, 2025Ravie LakshmananVulnerability, Network Security Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root… Read More "Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access"
SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of… Read More "Why Built-In Protections Aren’t Enough for Modern Data Resilience"
Jun 26, 2025Ravie LakshmananCyber Espionage / Malware An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. “In… Read More "Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks"
Jun 26, 2025Ravie LakshmananVulnerability / Firmware Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on… Read More "CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet"
Jun 25, 2025Ravie LakshmananVPN Security / Malware Unknown threat actors have been distributing a trojanized version of SonicWall’s SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. “NetExtender enables remote users to securely connect… Read More "SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks"
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into… Read More "Beware the Hidden Risk in Your Entra Environment"
Jun 25, 2025Ravie LakshmananSaaS Security / Vulnerability New research has uncovered continued risk from a known security weakness in Microsoft’s Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in… Read More "nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery"
Jun 25, 2025Ravie LakshmananVulnerability / Network Security Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2… Read More "Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC"
Jun 25, 2025Ravie LakshmananData Privacy / Vulnerability Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions.… Read More "Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure"
