Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Authentication Bypass in the default configuration phpBB

On June 10th, we announced a critical vulnerability in phpBB that lets attackers bypass authentication, now known as CVE-2026-48611. This post is a follow-up, containing technical details that explain exploit scenarios and detection methods. To get you up to speed, phpBB is old forum software that's still being used today by various technical communities. phpBB's Site Showcase alone has over 6 million members.

Anthropic and The Monster Outside the Fable

The reports surrounding Anthropic's Mythos 5 and Fable 5 have generated the usual reactions. Some see a necessary security measure and others see government overreach. Anthropic has disputed portions of the reporting and pushed back that the models represent an extraordinary threat. And now we're in a familiar grey area that is Anthropic models.

10 best network device management software

Network outages are still painfully expensive, and configuration mistakes are one of the biggest culprits. A 2023 analysis of Uptime Institute data shows that configuration and change management failures are the top cause of major network outages, responsible for around 45% of network incidents. Even a small configuration slip on a core switch can cascade into large-scale downtime. That’s why consistent, well-governed network device management is key to keeping business services uninterrupted.

Top tips: How to use public Wi-Fi without handing your data to a stranger

Top tips is a weekly column where we highlight what's trending in the tech world and list practical ways to explore these trends. This week, we are tackling something almost everyone does without thinking twice: connecting to public Wi-Fi (and what it could be costing you without you ever knowing). You are at an airport, a coffee shop, or a hotel lobby. You notice your data plan is running low and scroll through the available networks. And there it is: Free Wi-Fi—no password required.

OWASP Top 10 for Agentic Applications 2026: What It Means for Enterprise AI Security

OWASP, the Open Worldwide Application Security Project, has published Top 10 lists for over two decades to help security teams prioritize the risks that matter most. The original OWASP Top 10 for web applications became the industry’s default checklist for application security. When large language models moved into production, OWASP followed with the Top 10 for LLM Applications, addressing risks like prompt injection and sensitive information disclosure in single-turn model responses.

What Is Network Security Assurance?

Every security leader has a version of the network in their head. They know which systems should be segmented, which applications should be reachable, which ports should never be open, and which access paths should not exist. They know how the architecture is supposed to work. The harder question is whether the live environment is actually enforcing that design right now. That question is getting more difficult to answer.

The Hidden Cost of Manual Security Reviews

Microsoft 365 includes a wide range of security capabilities designed to help protect identities, devices, email, and data. Most MSPs already have access to these tools. The challenge is ensuring everything is configured correctly and reviewed consistently, not just having the “correct tools”. As MSPs grow, manual security reviews become increasingly difficult to maintain. Every tenant needs regular attention as configurations change over time and security recommendations continue to evolve.