Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On September 17, 2025, WatchGuard released fixes for a critical out-of-bounds write vulnerability (CVE-2025-9242) in the iked process of WatchGuard Fireware OS, which powers their Firebox firewall appliances. This flaw allows a remote unauthenticated threat actor to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN with IKEv2 when configured with a dynamic gateway peer.

On September 17, 2025, SonicWall released a knowledge base article detailing the exposure of firewall configuration backup files stored in certain MySonicWall accounts. SonicWall states that after identifying the incident they began an investigation containing the incident, terminating the ‘unauthorized access point’, and working with law enforcement and select cybersecurity agencies globally.

MSSPs don’t succeed because of the vendors they choose or the SIEM they prefer. They succeed when their operating model scales profitably. Yet most industry content feels like sales brochures, comparing one tool to another. The truth is, successful providers use many combinations of vendors. What separates winners from losers isn’t which tools they pick, it’s the foundation they build on.

Containerized applications have become the backbone of modern digital services. They allow you to package applications and dependencies into portable units that can run anywhere—on-premises, in private clouds, or across public cloud platforms. But with this agility comes risk. Containers, like any other software, are prone to vulnerabilities.

The traditional network perimeter is dead. Your sensitive data now travels paths that legacy DLP solutions can't see—from Salesforce to Google Drive, across laptops, into personal Dropbox accounts, and through AI chatbots. No single traditional DLP catches all of this. We're at a turning point where shadow AI and rapid data movements expose blind spots that legacy solutions simply can't address. The reality?

A new and dangerous self-replicating worm has been identified targeting the JavaScript repository NPM, infecting at least 187 code packages. The novel malware strain is engineered to steal credentials from developers and publish them to a new public GitHub repository. The worm automatically propagates itself by copying its code into the top 20 most popular packages maintained by the compromised user and publishing them as new versions.

Complying with the Digital Operational Resilience Act (DORA) means proving that resilience is built into daily operations through ongoing, evidence-backed practices. SafeBreach, the leader in enterprise exposure validation, helps institutions meet DORA’s key requirements by simulating real-world threats across the MITRE ATT&CK framework.

Every mature security program starts somewhere. For many organizations—especially startups and early-stage companies—this is what the NIST Cybersecurity Framework (CSF) calls the partial stage. ‍ At this level, security is often reactive. Teams operate with minimal resources and ad-hoc processes, working hard to meet customer or compliance demands but without the structure or long-term strategy needed to scale.

Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source initiative. Learn to set up real-time scanning to prevent credential leaks, enhance compliance, and secure your entire CI/CD pipeline from hidden risks.

The AI revolution is moving at breakneck speed. Every week, new tools, frameworks, and integrations hit the market. Developers eager to harness the power of large language models and automation platforms are spinning up assets with little thought to long-term security. The result is a wave of exposed services — chatbots, APIs, orchestration tools, and workflow systems — that anyone on the internet can stumble upon. Attackers see this as an open invitation.