Authentication Bypass in the default configuration phpBB

On June 10th, we announced a critical vulnerability in phpBB that lets attackers bypass authentication, now known as CVE-2026-48611. This post is a follow-up, containing technical details that explain exploit scenarios and detection methods. To get you up to speed, phpBB is an old forum software that's still being used today by various technical communities. phpBB's Site Showcase alone has over 6 million members.

Anthropic and The Monster Outside the Fable

The reports surrounding Anthropic's Mythos 5 and Fable 5 have generated the usual reactions. Some see a necessary security measure and others see government overreach. Anthropic has disputed portions of the reporting and pushed back that the models represent an extraordinary threat. And now we're in a familiar grey area that is Anthropic models.

10 best network device management software

Network outages are still painfully expensive, and configuration mistakes are one of the biggest culprits. A 2023 analysis of Uptime Institute data shows that configuration and change management failures are the top cause of major network outages, responsible for around 45% of network incidents. Even a small configuration slip on a core switch can cascade into large-scale downtime. That’s why consistent, well-governed network device management is key to keeping business services uninterrupted.

Top tips: How to use public Wi-Fi without handing your data to a stranger

Top tips is a weekly column where we highlight what's trending in the tech world and list practical ways to explore these trends. This week, we are tackling something almost everyone does without thinking twice: connecting to public Wi-Fi (and what it could be costing you without you ever knowing). You are at an airport, a coffee shop, or a hotel lobby. You notice your data plan is running low and scroll through the available networks. And there it is: Free Wi-Fi—no password required.

OWASP Top 10 for Agentic Applications 2026: What It Means for Enterprise AI Security

OWASP, the Open Worldwide Application Security Project, has published Top 10 lists for over two decades to help security teams prioritize the risks that matter most. The original OWASP Top 10 for web applications became the industry’s default checklist for application security. When large language models moved into production, OWASP followed with the Top 10 for LLM Applications, addressing risks like prompt injection and sensitive information disclosure in single-turn model responses.

New pattern analysis techniques to defend against fraud

Sophisticated fraudsters scale systems to increase their ROI. But it’s also a weakness that you can exploit to shut down fraud rings and keep attacks from scaling. In this discussion, fraud experts Nisreen Hussain, Irfan Faizullabhoy, and Ashley Fang show off how pattern and link analysis stop AI-powered fraud, account takeovers, and large fraud rings.

Candidate verification: Stop fraud before it enters your workforce

Sophisticated fraudsters are now targeting the recruiting process. Whether it's a "fake" candidate built on synthetic data, an interviewee hiding behind a deepfake, or a candidate getting a friend to take their technical test, hiring teams are facing a fraud crisis.