Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-55752 exposes a dangerous path traversal flaw in Apache Tomcat caused by a rewrite and decoding regression. This video breaks down how the bug works, why it becomes severe when combined with HTTP PUT, which versions are affected, and what teams must do to patch or mitigate it. We also show how WAAP protection blocks exploitation attempts even before servers are updated.

GPT 5.1 Impressed me with this...

As email-based cyberattacks surge, security teams are struggling to stay ahead of increasingly sophisticated phishing, Business Email Compromise (BEC), and AI-driven social engineering. With attackers exploiting platforms like Microsoft 365, Google Workspace, OneDrive, and SharePoint, organizations face growing pressure to strengthen protection, visibility, and compliance.

Legacy IGA systems are often complex, costly, and slow to deploy... leaving organizations exposed. CyberArk’s new buyer’s guide breaks down what really matters when choosing the right IGA solution.

Modern IGA from CyberArk is automated, unified, and secure—making identity governance easier and safer for your team. Hear from real customers who streamlined their processes and saw results fast. Ready to leave spreadsheets behind?

The NIS2 Directive is Europe’s new, upgraded cybersecurity law designed to strengthen the digital resilience of essential and important businesses. In this video, you’ll learn what NIS2 is, why it was introduced, which sectors it impacts, and how companies can prepare for compliance to avoid penalties.

If you’re unsure where your organisation stands under NIS2, speak with our experts at VISTA InfoSec. We’ll help you assess your entity classification and guide you through compliance step by step.

Take that! And rewind it back! We built Rubrik Agent Rewind to help enterprises unleash AI without risk by providing visibility, control, and recovery capabilities for AI agents.

Missing Transition Validation (BLA 4) is a subtle but devastating threat. It exploits the sequence of steps in your application's workflow. The flaw? Your application fails to check that Step 2 (Payment) occurred before allowing access to Step 3 (Confirmation). The attacker simply draws a line straight to the goal! This attack is: Difficult to Detect: It uses valid requests in an invalid sequence. Tightly Coupled: It's unique to your application's specific logic. You need deep, sequence-aware runtime protection.