A critical WatchGuard Fireware flaw could allow unauthenticated code execution
A critical WatchGuard Fireware flaw could allow unauthenticated code execution Pierluigi Paganini October 17, 2025 A critical WatchGuard Fireware vulnerability,...
Year: 2025
TDL 007 | Cyber Warriors & Digital Shadows: Insights from Canada’s Cybersecurity Leader
In this episode of The Defender’s Log, host David Redekop interviews Sami Khoury, the Senior Official for Cybersecurity for the...
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of...
Q3 Ransomware Attacks Increase 36% YoY, BlackFog Report Reveals
Image: AVC Photo Studio/Adobe Stock A fog has lifted, and the news about ransomware reveals we fell on black days....
Threat Intelligence Executive Report – Volume 2025, Number 5
The Counter Threat Unitâ„¢ (CTU) research team analyzes security threats to help organizations protect their systems. Based on observations in...
OAuth for MCP – Emerging Enterprise Patterns for Agent Authorization
By Thomas Segura TL;DR: OAuth 2.1 is a solid foundation for MCP, but the non-deterministic nature of agent interactions introduce...
Prosper disclosed a data breach impacting 17.6 million accounts
Prosper disclosed a data breach impacting 17.6 million accounts Pierluigi Paganini October 17, 2025 Threat actors stole personal data, including...
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign Pierluigi Paganini October 17, 2025 Microsoft revoked 200+...
PowerSchool hacker got four years in prison
PowerSchool hacker got four years in prison Pierluigi Paganini October 17, 2025 Matthew D. Lane, a Massachusetts student, got four...
Auction house Sotheby’s disclosed a July data breach
Auction house Sotheby’s disclosed a July data breach Pierluigi Paganini October 17, 2025 Sotheby’s reported a July 24 breach exposing...
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with...
Differences Between Secure by Design and Secure by Default
Introduction: The Rising Importance of Proactive Security Okay, so, proactive security – it's kinda a big deal now, right? I...
Evaluating the Best Passwordless Authentication Options
The Rise of Passwordless Authentication: Why Now? Okay, so passwords, right? We all hate 'em, and honestly, they're not even...
Attack Surface Management vs. Vulnerability Management — What’s Changed
For years, vulnerability management (VM) has been a cornerstone of cybersecurity services. Â Managed Security Providers (MSPs) and Managed Security...
Azure B2C Alternative for Startups
I once spent three solid days chasing a bug in Azure B2C’s custom policy engine — a mismatch in claim...
