News
March 4, 2025
FYSA — VMware Critical Vulnerabilities Patched
< 1 min read - Summary Broadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director. Threat Topography Threat Type: Critical Vulnerabilities Industry: Virtualization…
News
January 13, 2025
Insights from CISA’s red team findings and the evolution of EDR
3 min read - A recent CISA red team assessment of a United States critical infrastructure organization revealed systemic vulnerabilities in modern cybersecurity. Among the most pressing issues was a heavy reliance on endpoint detection and response (EDR) solutions, paired with a lack of…
News
December 30, 2024
DHS: Guidance for AI in critical infrastructure
4 min read - At the end of 2024, we’ve reached a moment in artificial intelligence (AI) development where government involvement can help shape the trajectory of this extremely pervasive technology. In the most recent example, the Department of Homeland Security (DHS) has released…
News
December 26, 2024
Apple Intelligence raises stakes in privacy and security
3 min read - Apple’s latest innovation, Apple Intelligence, is redefining what’s possible in consumer technology. Integrated into iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, this milestone puts advanced artificial intelligence (AI) tools directly in the hands of millions. Beyond being a breakthrough…
News
December 23, 2024
FYSA – Adobe Cold Fusion Path Traversal Vulnerability
2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized…
News
December 23, 2024
Ransomware attack on Rhode Island health system exposes data of hundreds of thousands
3 min read - Rhode Island is grappling with the fallout of a significant ransomware attack that has compromised the personal information of hundreds of thousands of residents enrolled in the state’s health and social services programs. Officials confirmed the attack on the RIBridges…
News
December 16, 2024
FBI, CISA issue warning for cross Apple-Android texting
3 min read - CISA and the FBI recently released a joint statement that the People’s Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility…
News
December 9, 2024
Zero-day exploits underscore rising risks for internet-facing interfaces
3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities…
News
December 2, 2024
Will arresting the National Public Data threat actor make a difference?
3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of…