Blog

Your blog category

Blog

Windows CLFS Driver Elevation of Privilege

What is the Vulnerability?A zero-day vulnerability has recently been identified in the Common Log File System (CLFS) kernel driver. CLFS is a general-purpose logging subsystem within the Windows operating system that provides a high-performance way to store log data for various applications. If successfully exploited, an attacker operating under a standard user account can elevate…

Read More Windows CLFS Driver Elevation of Privilege
Blog

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. “The

Read More OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
Blog

Zero-Day in CentreStack File Sharing Platform Under Attack

Gladinet’s platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy.

Read More Zero-Day in CentreStack File Sharing Platform Under Attack
Blog

AuthZEN Aims to Harmonize Fractured Authorization Controls

Managing permissions and authorizations across dozens or hundreds of cloud services and platforms poses significant headaches for companies. An open specification aims to change that.

Read More AuthZEN Aims to Harmonize Fractured Authorization Controls
Blog

Ping Identity Doubles Down on Partner Strategy with New Partner Program and Advisory Board

Post Content

Read More Ping Identity Doubles Down on Partner Strategy with New Partner Program and Advisory Board
Blog

Digital Asset Management Platform Liminal Raises $4.7M Funding Led by Elevation Capital

Post Content

Read More Digital Asset Management Platform Liminal Raises $4.7M Funding Led by Elevation Capital
Blog

Trump’s DoJ Targets Krebs, Revokes SentinelOne Security Clearance

An executive order is targeting former Trump appointees, including former CISA director Chris Krebs and his current coworkers, in the latest in a series of directives against those who dissented against the president and his associates.

Read More Trump’s DoJ Targets Krebs, Revokes SentinelOne Security Clearance
Blog

What Should the US Do About Salt Typhoon?

Security experts weigh in on the problem Salt Typhoon and its hacking of telecoms poses against the United States, including what the US should do and how defenders can protect themselves.

Read More What Should the US Do About Salt Typhoon?
Blog

Open Source Poisoned Patches Infect Local Software

Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering “patches” for locally installed programs.

Read More Open Source Poisoned Patches Infect Local Software
Blog

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for

Read More Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes