Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-21962: Maximum-severity Vulnerability in Oracle HTTP Server/WebLogic Proxy Plug-In

On January 20, 2026, Oracle patched a maximum‑severity vulnerability in its Fusion Middleware suite affecting Oracle HTTP Server and the WebLogic Server Proxy Plug‑in, tracked as CVE‑2026‑21962. An unauthenticated remote threat actor can exploit this flaw to gain unauthorized creation, deletion, or modification access to critical data. The issue stems from improper handling of incoming requests by the WebLogic Server Proxy Plug‑ins for Apache HTTP Server and Microsoft IIS.

As online fraud expands, here's how you can stay ahead

Globally, companies lost an average of 7.7% of their annual revenue to fraud, according to TransUnion’s 2025 Digital Identity Risk Accelerates Fraud Losses report. In the US, companies reported revenue losses of 9.8%, a 46% increase from the previous year. That’s hundreds of billions of dollars heading into the hands of fraudsters. And those stats don’t account for the loss of trust, hit to brand reputation, and time and resources spent on mitigating and resolving the fraud.

What is identity muling, and how can you prevent this new fraud vector?

An identity mule is someone who is compensated for sharing their identity. They may be asked for pictures of their identification documents and video selfies. Or, instructed to create an account and complete an identity verification flow before handing over the account’s credentials to a bad actor. The fraud cat-and-mouse game is taking a new turn. As organizations get better at detecting deepfakes, some bad actors are using real people’s identities to commit fraud.

5 Reasons Why Organizations Don't Achieve FedRAMP ATO

When a cloud services provider wants to work with the federal government, they have to pass a rigorous audit to make sure they’re capable of properly securing the controlled information they would handle in the process. Achieving that Authority to Operate is done through the Federal Risk and Authorization Management Program and is the biggest barrier to federal contracts, and the bar is high. As many as 60% of CSPs attempting to pass their ATO audit will fail.

The Rise of DLL Side-Loading Cyber Attacks and Browser Data Theft

Content originally created and published by Venak Security. Cybercriminals are increasingly adopting stealthy and advanced techniques, notably Dynamic-Link Library (DLL) side-loading and browser memory scraping, to install malware that stealthily harvests users’ passwords, credit card data, cookies, session tokens and more. These attacks blend social engineering, search manipulation and memory-level exploitation to bypass traditional defenses and compromise victims at scale.

DSPM vs CSPM: Choose Your Cloud Security Strategy

Data security posture management (DSPM) and cloud security posture management (CSPM) both play vital roles in cloud security, but they serve distinct purposes. DSPM focuses on protecting sensitive data across SaaS, IaaS, and PaaS environments, while CSPM focuses on cloud infrastructure. For organizations managing sensitive data in multi-cloud setups, DSPM often offers superior visibility, real-time monitoring, and regulatory alignment.

How Protecto Delivers Format Preserving Masking to Support Generative AI

Generative AI systems are designed to work with real data that expects structure, rely on patterns, and infer meaning from formats, relationships, and consistency across inputs. While real data facilitates better outputs and advanced training, making these systems useful has a tradeoff – it carries privacy, security, and compliance risk. This puts business on a difficult conundrum – either you block sensitive data entirely and lose context, or accept the privacy risks of using real data.

7 AI Video Tools Security Teams Are Using for Training and Awareness Campaigns

Security awareness isn't just about policies and procedures anymore. Modern security teams know that engaging visual content dramatically improves message retention and behaviour change among employees. The challenge has always been production. Creating professional training videos and awareness content traditionally required budgets and expertise most security departments don't have. Static presentations and wall-of-text emails get ignored, but quality alternatives seemed out of reach.

The Hidden Security Risk of Enterprise Documents and Why AI Amplifies It

For years, enterprise security strategies have evolved around visible and measurable threats: network intrusions, endpoint compromise, identity misuse, and cloud misconfigurations. These domains are well understood, heavily monitored, and continuously audited. Yet one of the most critical security risk surfaces in modern enterprises remains largely under-governed: documents and unstructured data.