Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today's complex IT environments, comprehensive log collection is crucial for effective auditing and security monitoring. Without this, endpoints, especially those that are VPN-joined, stay out of your reach while auditing. This was the bottleneck faced by our Log360 customer who recently availed OnboardPro, ManageEngine's professional services. They knew Log360 was capable of collecting logs from all their network devices—but what about the endpoints that were connected remotely via VPN?

For the first time in history, banks and financial institutions are adopting digital assets as an integral part of their internal operations and product offerings. As they do so, they face new threat vectors, unfamiliar custody models, and growing pressure to identify and align with emerging supervisory standards, which may or may not serve as complete safe havens from risk.

In software engineering, the deployment process is not just about running a script and hoping it sticks. A big part of it is automation, not as a luxury, but a necessity. And that’s where Azure Pipelines steps in. The software provides a robust CI/CD engine embedded in the Azure DevOps ecosystem. Developers and DevOps engineers working with version control systems, containers, or even legacy monoliths can leverage Azure Pipelines.

Researchers at Zimperium are tracking a new malware-as-a-service platform designed to target Android phones with banking Trojans. The platform, dubbed “Fantasy Hub,” allows unskilled threat actors to launch sophisticated malware campaigns that trick victims into granting access to their bank accounts.

LevelBlue Labs is tracking a severe vulnerability in Windows Server Update Services (WSUS), CVE-2025-59287, that allows attackers to remotely execute code without authentication and is being exploited by threat actors to compromise vulnerable Windows Server users.

In eight short minutes on October 25, 2025, a group of thieves captured the world’s attention and imagination, perpetuating a daring heist in broad daylight and escaping with approximately €88 million worth of prized artwork from the planet’s most visited museum: The Louvre. Within the security community, the first successful robbery from the iconic Parisian landmark since 1998 was a bombshell story.

Welcome to The researcher’s desk – a content series where the Detectify security research team conducts a technical autopsy on vulnerabilities that are particularly interesting, complex, or persistent. The goal here is not to report the latest research (for which you can refer to the Detectify release log); it is to take a closer look at certain vulnerabilities, regardless of their disclosure date, that still offer critical lessons.

For most IT operations teams, capacity management is a balancing act. Too much capacity and costs spiral; too little and users feel the impact before you do. On paper, scaling should be simple. In reality, it’s anything but. Most teams still scale manually – waiting for alerts, logging into consoles, adjusting resources, and hoping they’re not overdoing it. It’s a pattern that feels safe because it’s familiar, but it’s quietly expensive.

A critical zero-day, CVE-2025-64446, path-traversal vulnerability in Fortinet FortiWeb, the company’s Web Application Firewall (WAF), is being actively exploited in the wild to create unauthorized administrator accounts on exposed systems. This flaw allows unauthenticated attackers to gain complete administrator access to affected devices.

On November 13, 2025, the United States’ Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense Cyber Crime Center (DC3), and Department of Health and Human Services (HHS) released a joint Cybersecurity Alert regarding Akira ransomware in conjunction with a number of additional authoring organizations, including Europol’s European Cybercrime Centre (EC3); France’s Office Anti-Cybercriminalite (OFAC)