Bootstrapped, Battled, and Built The Rise of miniOrange

What does it take to quit a stable job, reject an overseas offer, and start from zero, all for a dream? In this powerful conversation, �������������� ����������������, Founder and CEO of miniOrange, shares his raw, real, and remarkable journey: Whether you're an aspiring founder, a cybersecurity professional, or someone looking for purpose, this is a must-watch.

The Missing Layer: Email Protection That Exchange Online and Gmail Users Urgently Need

In our previous blog (Beyond Attachments: How Email Becomes Your Biggest Data Exfiltration Vector), we exposed the critical gaps in standard email data loss prevention (DLP) tools that allow data exfiltration to continue despite significant investment in native controls. Organizations that have implemented targeted solutions to address these gaps report dramatic improvements in their security posture. Here's what comprehensive email DLP actually looks like in practice.

Exploited! Grafana CVE-2025-4123 - Open Redirect & Stored XSS Give Attackers a Springboard Into Your Cloud

Grafana—the cloud-native observability dashboard almost every DevOps team relies on—rushed out Grafana 12.0.0-security-01 yesterday to squash CVE-2025-4123, a high-severity open-redirect and stored cross-site scripting (XSS) vulnerability. When chained with the popular Grafana Image Renderer plugin the bug escalates to a full-read server-side request forgery (SSRF), exposing cloud-metadata services and internal APIs.

The Ransomware Threat: Still Alive and Kicking

Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other emerging cyber threats might seem to dominate the news cycle, but recent data from Marsh's 2024 UK cyber insurance claims report suggests otherwise. It paints a stark picture of an ongoing and evolving threat landscape. While claims decreased by 20% compared to 2023, they remained significantly higher than in previous years.

The patching paradox: The reality of AI in security

Let’s stop pretending AI is going to save security. Sure, it’s going to help — it already is. But the idea that defenders will somehow “keep up” with attackers just because they both have access to generative AI is a fantasy. I come at this from a red-team mindset. I’ve spent years thinking like an attacker. Now I work at a blue-team company trying to defend real systems. And here’s what’s obvious to me: AI is going to let attackers move faster.

Resolving a request smuggling vulnerability in Pingora

On April 11, 2025 09:20 UTC, Cloudflare was notified via its Bug Bounty Program of a request smuggling vulnerability (CVE-2025-4366) in the Pingora OSS framework discovered by a security researcher experimenting to find exploits using Cloudflare’s Content Delivery Network (CDN) free tier which serves some cached assets via Pingora.

Phishing Campaign Targets International Students in the US

The FBI has issued an alert on a wave of phishing attacks targeting Middle Eastern students who are studying in the US. The campaign has targeted students from the United Arab Emirates (UAE), Saudi Arabia, Qatar, and Jordan. The scammers impersonate government officials and claim there is an issue with the student’s visa.