Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

FortiWeb CVE-2025-58034: Exploited Zero-Day Command Injection in WAF

Dissecting the active-in-the-wild OS command injection vulnerability and its implications for enterprise threat monitoring

In November 2025, threat intelligence teams began warning of a newly discovered zero-day vulnerability in a widely-deployed web application firewall appliance. The vulnerability — CVE-2025-58034 — allows authenticated attackers to execute arbitrary OS commands via crafted HTTP requests or CLI commands.

When the Internet Blinks: What Cloudflare's Outage Teaches Us About Standing Privileges

If you were online yesterday, you probably noticed that a surprising amount of the internet simply wasn’t there. Uber, X, Canva, ChatGPT, and dozens of others all began returning internal server errors. For a few hours, it looked like the web had taken the afternoon off. As usual, the immediate assumption was that someone must be attacking the internet. Even Cloudflare initially suspected a large-scale DDoS event. When many unrelated services break at once, it often signals malicious activity.

Stress-Tested and Validated: How Fireblocks and Solana Handled Crypto's Largest Liquidation Event

On October 10, 2025, crypto markets experienced their largest liquidation event in history. A whopping $19.5 billion was liquidated across all markets with approximately $1 trillion in total market cap wiped out. Binance halted trading. Ethereum Layer 2s lagged. Arbitrum fees spiked above $500, with median fees jumping to $116. The entire ecosystem was under unprecedented stress. This was the ultimate real-world test of mission-critical infrastructure.

The next chapter of identity security begins with privilege

Privileged access management (PAM) was once thought of in simple terms: secure the credentials of a handful of administrators managing on-premises systems. Vault the passwords, rotate them regularly, and record every privileged session. It worked for a world with clear boundaries and predictable users. That world is now a museum piece. But here’s the shift: It’s not that PAM has changed. The very definition of privilege has evolved.

Enabling Massive-File Collaboration in the Cloud With Adaptive Block Caching

When it comes to massive files, many organizations still rely on old-fashioned, on-premises file servers and filers. They’re hesitant to work on these projects in the cloud because the inherent network latency makes working with massive files difficult. So they stick to an on-premises approach—even though it typically requires wired access and stable VPN connections, which makes sharing and collaborating especially challenging for people working from home, in the field, or on the road.

Attack Surface Discovery: A Quick Overview

Hybrid clouds, rapid development, and Shadow IT have expanded the modern attack surface, making complete visibility both crucial and more difficult than ever. Attack surface discovery offers a means of addressing these visibility gaps by continuously mapping all digital assets — internal, external, and hidden. This guide covers the fundamentals, best practices, and top tools for effectively discovering the attack surface.

The Hidden Cost of Oversharing: How Your Social Posts Fuel Doxxing Campaigns

Many don’t question what they share online. Others think, what could possibly happen? The answer: “plenty.” We all leave traces. A birthday photo here, a check-in there, a proud post about a promotion. None of it seems dangerous on its own, but online, fragments add up. Each click, tag, or comment starts to paint a fuller picture: one more detailed than most of us know, or would like.

Sovereignty in the Age of Digital Interdependence: Rethinking Security for the Modern State

In a world defined by digitization and interconnectivity, the question of sovereignty extends far beyond physical borders. Nations today find themselves grappling with a new reality: how to assert control and protect critical assets when the backbone of their digital existence—cloud infrastructures, distributed systems, and global platforms—operates across jurisdictions, providers, and geopolitical lines.

Searching Certificate Transparency Logs (Part 2)

In the last post we discussed why we’re building our own Certificate Transparency (CT) search tool. There’s good background on the CT ecosystem in that post, so check it out if you haven’t. This post assumes a certain understanding of terminology covered previously. Now that we know where the CT logs live, and the different kinds of logs, we need to start reading them.