Since November 2024, threat actor Blind Eagle has executed a series of sophisticated campaigns primarily aimed at Colombian institutions and government bodies. These operations have demonstrated a high rate of infection, targeting critical infrastructure and private organizations alike. According to Check Point’s recent analysis, the campaigns resulted in more than…
Commvault, a prominent player in cyber resilience and data protection solutions for hybrid cloud environments, has recently expanded its HyperScale portfolio with the introduction of HyperScale Edge and HyperScale Flex. These solutions aim to address the growing data security concerns of modern enterprises operating in remote offices and edge environments—locations…
A newly uncovered, high-severity vulnerability affects the OttoKit plugin for WordPress, formerly known as SureTriggers. This flaw has reportedly been exploited within mere hours of its public disclosure, posing a significant risk to website security. Identified as CVE-2025-3102, this vulnerability carries a CVSS score of 8.1 due to an authorization…
Cybersecurity firm Trellix recently reported a sustained malware campaign targeting e-commerce sectors in South Korea and the United States, attributed to a new wave of GuLoader attacks. This malware campaign signifies a shift in tactics from the previously used malware-laden Microsoft Word documents to NSIS executable files for malware deployment.…
Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT) Enhancing OT Cybersecurity Skills Through Education and Collaboration Brandy Harris • September 3, 2025 Image: Shutterstock As the cybersecurity landscape evolves, many professionals entering the field find their training predominantly focused on IT systems, safeguarding data centers, and managing corporate…
Recent data breaches have raised concerns about security within popular applications, particularly the use of the Salesloft Drift application to compromise Salesforce data. In an important update, Salesloft has reported that the security incident has been addressed, with containment measures and customer protections now in effect. To investigate the breach,…
Surge in Server-Side Request Forgery Exploits Detected Across Multiple Platforms GreyNoise, a threat intelligence firm, has issued an alarming warning regarding a “coordinated surge” in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities across various platforms. This uptick, first identified on March 9, 2025, is particularly notable for involving at…
Understanding Ephemeral Accounts in Cybersecurity In the realm of cybersecurity audits, particularly those regarding compliance and cyber insurance, emphasis is placed on analyzing group memberships to discern access levels. This scrutiny typically reveals individuals with elevated privileges, including roles such as Domain Admin, Enterprise Admin, Local Administrator, Global Admin in…
Palo Alto Networks has alerted the cybersecurity community regarding ongoing brute-force login attempts directed at PAN-OS GlobalProtect gateways. This warning follows recent observations from threat hunters who noted an increase in suspicious login scanning activity targeting the company’s devices. A spokesperson from Palo Alto Networks commented that evidence exists of…
