Cybercriminals Don’t Care About National Cyber Policy

Blog

By January 7, 2025

We can’t put defense on hold until Inauguration Day.

Blog

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users’ knowledge pixel-by-pixel. The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University…

Read More New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
Blog

Anyone Using Agentic AI Needs to Understand Toxic Flows

The biggest vulnerabilities may lie at the boundaries of where the AI agent connects with the enterprise system.

Read More Anyone Using Agentic AI Needs to Understand Toxic Flows
Blog

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below – CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability…

Read More Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
Blog

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts

Cybersecurity company Huntress on Friday warned of “widespread compromise” of SonicWall SSL VPN devices to access multiple customer environments. “Threat actors are authenticating into multiple accounts rapidly across compromised devices,” it said. “The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing.” A significant chunk of

Read More Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Blog

Vulnerability in Zyxel Network Attached Storage (NAS) Devices

FortiGuard Labs is aware of a newly disclosed vulnerability in Zyxel network attached storage (NAS) devices in an advisory published today by CERT/CC. Multiple Zyxel devices contain a pre authentication command injection vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the device. The vulnerability was reported by security journalist Brian…

Read More Vulnerability in Zyxel Network Attached Storage (NAS) Devices
Blog

Google Quick Share Bug Bypasses Allow Zero-Click File Transfer

Google addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced “QuickShell” silent RCE attack chain against Windows users.

Read More Google Quick Share Bug Bypasses Allow Zero-Click File Transfer

Related