Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Ravie LakshmananFeb 03, 2026Open Source / Vulnerability Threat actors have been observed exploiting a critical security flaw impacting the Metro...
Blog
New Microsoft Update Improves Windows Sign-In Experience
Image: BleepingComputer Microsoft has released a massive stability patch for Windows 11, fixing the notorious missing password icon and other...
APT28 exploits Microsoft Office flaw in Operation Neusploit
APT28 exploits Microsoft Office flaw in Operation Neusploit Pierluigi Paganini February 03, 2026 Russia-linked APT28 is behind Operation Neusploit, exploiting...
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom Pierluigi Paganini February 03, 2026 Rapid7 researchers say the Notepad++...
Enabling and Securing Basic Authentication: A Comprehensive Guide
The Reality of Basic Authentication in Enterprise Ever wonder why we're still talking about basic auth in 2024 when we...
Managing a Security Token Service
What is a security token service anyway? Ever tried explaining to your parents why they can't just use one password...
95% of AI Projects Are Unproductive and Not Breach Ready
Like me, this news probably shocked almost all AI enthusiasts. The GenAI gold rush has apparently turned into a reckoning....
When Cloud Outages Ripple Across the Internet
Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare...
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
Ravie LakshmananFeb 03, 2026Vulnerability / Malware The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to...
Jan Recap: New AWS Privileged Permissions and Services
As January 2026 comes to a close, Sonrai’s latest review of newly released AWS permissions highlights a sharp expansion of...
The Ultimate Guide to Single Sign-On in 2025
Why SSO is still a mess in 2025 Ever wonder why, in 2025, we’re still wrestling with getting a "simple"...
Single Sign-On with External Security Token Services
Understanding the Role of External Security Token Services Ever wonder why you don't have to log in ten times a...
The Future of Single Sign-on: Insights for 2025
The Shift Toward Passwordless and FIDO2 Standards Ever tried explaining to a frantic ceo why they can't just use "Password123"...
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
Ravie LakshmananFeb 03, 2026Artificial Intelligence / Privacy Mozilla on Monday announced a new controls section in its Firefox desktop browser...
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
Ravie LakshmananFeb 03, 2026Malware / Open Source A China-linked threat actor known as Lotus Blossom has been attributed with medium...