On February 19, 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January. The vulnerabilities are tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, allowing a remote unauthenticated attacker to leak sensitive information via a path traversal. They share the same underlying issue, which results from an unauthenticated endpoint failing to validate input.

Read also: Dutch police dismantled 127 servers of bulletproof hosting Zservers, India busts cybercriminal syndicate, and more.

Enable secure API authentication in your DNN website using the DNN REST API module. Get headless architecture, smooth API management, and improve API security.

Once again, WatchGuard has been named to CRN’s 2025 Security 100 list in the Network Security category. This prestigious recognition honors the top security vendors in the IT channel. The 2025 CRN Security 100 highlights channel-friendly cybersecurity vendors across a number of market segments, ranging from the largest and best-known players to some of the small-but-promising startups.

Today, fraud schemes don’t follow predictable patterns. Enterprises are up against AI-generated deepfake attacks, multi-stage social engineering, and impersonation scams that exploit gaps in traditional fraud prevention strategies. And they know it. According to PwC, 59% of enterprises completed a fraud risk assessment in the 12 months prior to June 2024, showing they take fraud protection seriously. But beyond knowing your risks, there’s a need for better ways to tackle and mitigate them.

If you’re considering a private storage solution for your files online, you may have heard the term zero-knowledge encryption (ZKE). ZKE stands out from other cloud providers because it emphasizes privacy. By choosing cloud storage with zero-knowledge encryption, you are given full control over the security and privacy of your files, and you will protect them from companies like Google, who use your data for profit or to train their AI models.

On February 19, 2025, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint advisory to disseminate known Ghost (Cring)—(“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Detailed information about this threat and the associated IOCs and TTPs can be seen in the advisory: Ghost (Cring) Ransomware.

Some traditional security methods are no match for evolving cyber threats, which is why zero trust is an essential addition to every organization’s arsenal. Unlike perimeter defenses, zero trust secures access at every level, verifying every device and user continuously to create a security posture that is far harder to penetrate. Gartner reports that 63% of organizations now use a zero trust strategy, a shift driven by the rising costs and frequency of successful breaches.

Payment security for SAQ A-EP merchants has never been more critical. As e-commerce continues to evolve, merchants who control elements of their payment pages face increasing security challenges and compliance requirements.