%term

Backup vs. Replication: Key Differences Explained

Dec 11, 2025 By David Safaii In Trilio

When your application crashes or a region goes offline, the difference between backup and replication determines whether you’re back online in minutes or scrambling for days. Most IT teams confuse these two strategies, but they solve different problems. Backup creates point-in-time copies of your data for recovery after corruption or deletion. Replication maintains synchronized copies across systems for high availability and failover.

Read Post

Trilio

Read more about Backup vs. Replication: Key Differences Explained

OIDC for Developers: Reasons Your Auth Integration Could Be Broken

Dec 11, 2025 By Thomas Segura In GitGuardian

Why outsourcing auth doesn't mean outsourcing risk.

Read Post

GitGuardian

Read more about OIDC for Developers: Reasons Your Auth Integration Could Be Broken

Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

Dec 11, 2025 By James Drew In Sentrium

During our research into Microsoft 365 security, we discovered a flaw in Outlook on the web (OWA) that exposed information about users and their mailboxes. By manipulating certain request headers against the “/owa/service.svc” endpoint, an attacker could not only confirm whether a user account existed, but also determine if that account had a mailbox associated with it.

Read Post

Sentrium

Read more about Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

All things AI and malware with Randy Pargman

Dec 11, 2025 By LimaCharlie In LimaCharlie

Join us for this week's Defender Fridays as we explore the reality of AI-powered malware threats with Randy Pargman, Senior Director of Threat Detection at Proofpoint. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

View Video

LimaCharlie

Read more about All things AI and malware with Randy Pargman

Secret Management: A Step-by-step Guide to NHI Security

Dec 11, 2025 By The Apono Team In Apono

It’s not hard for secrets to sprawl, buried under layers of commits and forgotten branches. Most teams don’t notice it until one bad push exposes everything. Secret leaks don’t come from breaches, but from configuration drift and forgotten credentials; a gap that traditional vault tools struggle to close on their own. Here’s the scale of that mess. Machine identities now outnumber human users by more than 80 to 1, and each one relies on credentials to function.

Read Post

Apono

Read more about Secret Management: A Step-by-step Guide to NHI Security

CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

Dec 11, 2025 By Bhargavi Pallati In Indusface

A newly disclosed vulnerability in Ivanti Endpoint Manager (EPM) tracked as CVE-2025-10573 allows unauthenticated attackers to inject persistent JavaScript into the EPM administrative dashboard. Assigned a CVSS score of 9.6, this vulnerability presents a critical security risk because it enables attackers to hijack administrator sessions and gain full control over managed endpoints.

Read Post

Indusface

Read more about CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

Adversarial AI: The New Symmetric Threat Landscape

Dec 11, 2025 By SecurityScorecard In SecurityScorecard

Adversarial AI is geometrically making cyber a symmetric threat, fundamentally altering the cybersecurity equation. However, there are leaders who have successfully navigated these emerging challenges and understand the implications. Join Dr. Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Dr. Srinivas Mukkamala (CEO, Securin Inc.) as they dive into: SecurityScorecard monitors and scores over 12 million companies worldwide.

View Video

SecurityScorecard

Read more about Adversarial AI: The New Symmetric Threat Landscape

It's 2 AM. Do You Know Which AIs Your MCP Server Is Talking To?

Dec 11, 2025 By João Cruz In BitSight

When Anthropic dropped the Model Context Protocol (MCP) in late 2024, it felt like the missing puzzle piece for AI tooling: a standard way for Large Language Models (LLMs) to talk to data sources, APIs, and pretty much anything else you can think of. Think of it as a USB-C port for AI, as the protocol’s creators like to say. But like most shiny new standards, the devil’s in the details.

Read Post

BitSight

Read more about It's 2 AM. Do You Know Which AIs Your MCP Server Is Talking To?

Threat Research Year In Review - 2025

Dec 11, 2025 By Veracode Threat Research In Veracode

In November of last year, Aaron Bray made some supply chain security predictions for 2025. Now, as we approach the close of the year, we are going to look at how those predictions turned out. But first let’s start with the high-level statistics and review some of the campaigns we have been tracking and reporting on this year. As this year is not yet over, we have excluded data from December for both 2024 and 2025.

Read Post

Veracode

Read more about Threat Research Year In Review - 2025

ionCube Encoding vs Open Source Debate: Why smart developers protect their code but don't lock everything down.

Dec 11, 2025 By Ben In ionCube24

When it comes to distributing PHP applications, discussions often swing between two extremes: fully open-source everything or lock all your code behind encryption/encoding. Critics of encoding often argue that open source is superior because users can still inspect and customise code. But the truth is far more nuanced, and the most successful software vendors already know it.

Read Post