Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

***********************************************************************************

This week’s briefing covers: Proof of Concept Exploit Released for CVE-2025-32756 Further to Kroll reporting in May regarding a critical zero-day vulnerability, CVE-2025-32756 in Fortinet, is now being actively exploited in the wild, with attackers using a crafted AuthHash cookie to gain control of affected systems.

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

How to Fix the Challenges with Web App Firewalls A10 security experts Gary Wang and Jamison Utter explore how to uncover “Dynamic Profiles” of threat actors through advanced behavioral analysis. By leveraging regression models and historical attack patterns, they demonstrate how to detect and anticipate evolving attacker behaviors—an essential capability for staying ahead in today’s rapidly shifting threat landscape.

Join Veracode’s Chris Wysopal and guest Tejas Dakve for a discussion on the current state of AI (challenges & opportunities)) in Application Security.

UCSB's Todd Atkins, Security Operations Engineer, talks about the benefits the university has realized in risk and visibility thanks to switching over to Nucleus Security.

Think you know ransomware? Think again. BlackSuit isn't just another encryption threat—it's an evolved monster that's putting both Windows AND Linux systems at serious risk. In this episode of our cybersecurity series, we break down.

In this video, we'll take a look at some basic navigation around being a admin within Tines.

571 Canva Creators had their personal data exposed by an unsecured Chroma database. The database, used by Russian AI startup My Jedai, contained 341 document collections. One of these collections included survey responses with emails, countries of residence, and detailed feedback on the Canva Creators program. This isn’t your typical breach. It’s the result of unsecured AI infrastructure.

This video will use three different use cases to highlight how Data Explorer can provide insight into both security and operational events.