Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week’s briefing covers: Critical Sudo Vulnerability Allows Priv Esc to Root The flaw arises from unsafe handling of the --chroot (-R) option, where sudo processes user-provided configurations (including nsswitch.conf) from within the chroot environment before validating user privileges. This allows a local attacker to construct a malicious chroot with crafted NSS configuration that forces sudo to load attacker-controlled shared libraries as root, effectively bypassing authentication.

First, we look back at Microsoft’s major shift to remove endpoint protection from the Windows kernel. When we first covered it, it was a proposed change—now it's happening, and the implications are big. Next, we revisit a segment on GPT-4o and how generative AI is fueling the next wave of social engineering attacks. It's smarter, faster, and more convincing than ever. And finally, a refresher on the arrest of a Scattered Spider leader. While that made headlines, the group's activity hasn’t slowed down, they're still very much on the radar, as we discussed just last week.

An average healthcare org uses over 1,000 SaaS apps. But do you know which create, receive, transmit, or store PHI? Which support MFA? Which are dormant but still risky? If not, you’re not ready for HIPAA updates in 2025. In case you missed it, catch our CTO Avesta Hojjati, Ph.D.

Learn how Cloud SIEM uses rules to analyze records and create signals to monitor important cybersecurity events. Learn how to create and use the six different rule types in Cloud SIEM to cover any cybersecurity situation.

Your smart TV might be more vulnerable than you think! Hackers can use it to spy on you, steal personal data or even infect other devices on your home network. In this video, we’ll show you the warning signs that your smart TV has been hacked and how to protect yourself.

Staying safe online is more important than ever. Cybercriminals are always looking for ways to steal your data, but you can protect yourself by following these cybersecurity basics.

A CISO’s nightmare: management says “go,” but middle teams say “no.”

Losing your ID can lead to stolen identities, bank fraud and even criminal charges in your name. Watch this short video to learn what cybercriminals can do with your ID, how to tell if someone is using it and steps you need to take to protect yourself.

Cybercriminals can hide malicious code in PDFs, infecting your device if you open them. Watch this short video to learn how PDFs can carry viruses and how to stay protected.

Your email is connected to many accounts, so keeping it secure is key to protecting everything else. Since most password resets go through your email, it's important to take steps to strengthen its security. Find out how you can do just that.