%term

Unsubscribed Doesn't Mean Disconnected: The Persistent Risk of Calendar Domains

Dec 10, 2025 By Emma Stevens In BitSight

We trust our devices to keep our lives organized, from reminders and appointments to birthdays and holidays. But behind that convenience lies an invisible risk. Every time you subscribe to an external calendar, you may be granting an unknown third party the ability to send events directly to your device for as long as the subscription remains active.

Read Post

BitSight

Read more about Unsubscribed Doesn't Mean Disconnected: The Persistent Risk of Calendar Domains

React2Shell: The Frontend Vulnerability That Unlocks Your Internal APIs

Dec 10, 2025 By Eric Schwake In Salt Security

The cybersecurity world is currently buzzing about React2Shell (CVE-2025-55182), a critical remote code execution (RCE) vulnerability affecting React and Next.js. The scale of the threat is massive: researchers have already identified over 77,000 vulnerable IP addresses exposed to the internet, and confirmed that state-sponsored actors and opportunistic crypto miners have already breached at least 30 organizations. But if you look closely, this isn't really a story about React.

Read Post

Salt Security

Read more about React2Shell: The Frontend Vulnerability That Unlocks Your Internal APIs

Social Engineering Campaign Targets Microsoft Teams Users

Dec 10, 2025 By KnowBe4 Team In KnowBe4

Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets external users send direct messages via email addresses. “Microsoft Teams now allows users to send direct chat invitations to any email address, even if recipients aren’t part of a Teams tenant,” the researchers explain.

Read Post

KnowBe4

Read more about Social Engineering Campaign Targets Microsoft Teams Users

How to Configure and Manage miniOrange 2FA for Bitbucket | Admin & User Setup

Dec 10, 2025 By miniOrange In miniOrange

This tutorial provides a complete walkthrough of configuring and managing Two-Factor Authentication (2FA) in the miniOrange 2FA app for Bitbucket. Learn how admins can enable and enforce 2FA methods across users and groups, and see how end users complete their 2FA setup during login. Strengthen your Bitbucket security with an additional authentication layer and protect your instance from unauthorized access.

View Video

miniOrange

Read more about How to Configure and Manage miniOrange 2FA for Bitbucket | Admin & User Setup

How 2025 Reshaped SOCs and What Matters in 2026

Dec 10, 2025 By Graylog In Graylog

Security teams spent 2025 operating at maximum load. Alert volume kept rising, analysts pivoted across too many tools, AI arrived faster than governance could support, and cloud costs shaped what data teams felt safe keeping. In this episode of Logs and Lattes, host Palmer Wallace and Jeff Darrington break down what actually happened inside real SOCs and how those lessons are already guiding 2026.

View Video

Graylog

Read more about How 2025 Reshaped SOCs and What Matters in 2026

Getting the Right People to the Table

Dec 10, 2025 By Tara Ragan and James Hart In BlueVoyant

Implementing Microsoft Purview is not just an IT project – it’s a company-wide transformation that touches nearly every aspect of how your organization manages, protects, and governs data. Success requires aligning diverse perspectives and building consensus across teams. The initial push for Purview can come from many departments. If you are leading the effort, identifying who needs to be involved and understanding why their input matters will be key to driving buy-in and long-term success.

Read Post

BlueVoyant

Read more about Getting the Right People to the Table

Response to "Principles for the Secure Integration of Artificial Intelligence in OT"

Dec 10, 2025 By James Slaby In Acronis

This new guidance amounts to leading Western governments telling OT users (industrial businesses in manufacturing, energy, power, logistics, critical infrastructure, and the like), “Yes, you can use AI in OT, but only if you’re prepared for it to fail and you can recover quickly when it does.”

Read Post

Acronis

Read more about Response to "Principles for the Secure Integration of Artificial Intelligence in OT"

How Insurity Cut Manual Security Work by 81%

Dec 10, 2025 By Reach Security In Reach Security

95 hours back. Every. Single. Month. One of the many outcomes from our ZTA journey with Insurity. They didn’t just deploy Zero Trust — they operationalized it. Reach unified controls, automated remediation, and eliminated the manual effort slowing progress. Results:︎ 81% less manual work︎ 95 hours saved per employee per month︎ Months → days for rollout︎ Zero Trust that sticks.

View Video

Reach Security

AI
Security

Read more about How Insurity Cut Manual Security Work by 81%

Your Digital Footprint and Why it Matters!

Dec 10, 2025 By KnowBe4 | Human Risk Management In KnowBe4

You know that trail of bread crumbs you leave across the internet? Cybercriminals love to eat them up! Every post. Every like. Every old username from 2012, it all sticks around. And scammers can use that info to guess passwords, target you, or piece together your whole life story. So post smart. Share less. Protect more.

View Video

KnowBe4

Read more about Your Digital Footprint and Why it Matters!

Hyperautomation Transforms MSSP Cybersecurity Trends in 2026

Dec 10, 2025 By Torq In Torq

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo Fareed Cheema is the Global Head of Sales Engineering at Torq, leading worldwide pre-sales strategy, execution, and technical innovation. Over the past 3.5 years, he has helped scale Torq’s technical and go-to-market teams while driving customer success in a rapidly changing security automation market.

Read Post