Low-Code Tools in Microsoft Azure Allowed Unprivileged Access
Using the API Connections for Azure Logic Apps, a security researcher found unauthenticated users could access sensitive data of other customers.
-
-
AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals
Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform capable of not just keeping pace,…
-
UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud
The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack. The cyber-physical attack involved the adversary leveraging their physical access to install the Raspberry Pi device and have it connected directly to the same network switch as…
-
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs
Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility. At the same time, more vendors are phasing out their on-premises SIEM solutions, encouraging migration to…
-
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Threat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary…
-
Koreans Hacked, Blackmailed by 250+ Fake Mobile Apps
A swath of copycat Korean apps are hiding spyware, occasionally leading to highly personal, disturbing extortions.
-
Tonic Security Harnesses AI to Combat Remediation Challenges
Attackers are becoming faster at exploiting vulnerabilities but this startup seeks to stop threats before they lead to breaches.
-
Palo Alto Networks Grabs IAM Provider CyberArk for $25B
The deal shakes up the identity and access management landscape and expands Palo Alto Networks’ footprint in the cybersecurity market.
-
Inside the FBI’s Strategy for Prosecuting Ransomware
The US government is throwing the book at even mid-level cybercriminals. Is it just, and is it working?
-
Silk Typhoon Linked to Powerful Offensive Tools, PRC-Backed Companies
An unsealed indictment associated with the Chinese threat group shows its members worked for companies closely aligned with the PRC as part of a larger contractor ecosystem.