Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk?

By simply sending HTTP requests, attackers can trigger the deserialisation of malicious data in Tomcat’s session storage and gain control. Read more »

Most organizations change policies to reduce CISO liability risk

93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs, according to Fastly. This includes two in five organizations... Read more »

California Cryobank, the largest US sperm bank, disclosed a data breach

California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. California Cryobank (CCB) is the largest sperm bank in the U.S., providing frozen donor sperm... Read more »

Agentic AI’s Role in the Future of AppSec

Overwhelmed AppSec teams are turning to agentic AI to handle the tedious manual work of security reporting, threat modeling, and code reviews, but successful implementation requires careful human oversight. Read more »

Vanta strengthens collaboration between security and GRC teams

Vanta announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network. These releases—including team-based collaboration and granular... Read more »

Report: The State of Secrets Sprawl 2025

GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase. Despite... Read more »

1Kosmos 1Key secures shared login environments and OT systems

1Kosmos announced 1Kosmos 1Key for shared account login environments. With FIDO-compliant biometric authentication, 1Kosmos 1Key addresses the pressing need for security, accountability, and auditability in settings where multiple users... Read more »

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)

State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight... Read more »

Elastic expands partnership with Tines to scale security operations

Elastic announced an expanded partnership with an integrated offering that includes Tines Workflow Automation and the Elastic Search AI Platform to simplify security and observability workflow automation. The partnership... Read more »

Clop resurgence drives ransomware attacks in February

Read more »
Subscribe to our Newsletter