Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

I recently discovered an interesting race condition vulnerability in the eCommerce software nopCommerce, during a manual pen test as part of the SWAT service (SWAT is Outpost24’s Pen Testing as a Service solution). This vulnerability (CVE-2024-58248) involves nopCommerce, an open-source eCommerce platform written in C#, which aids developers in building online stores. When exploited, it allows an attacker user to redeem a gift card multiple times by using a technique called a single-packet attack.

In June 2025, Israel carried out airstrikes against key Iranian military and nuclear facilities. Iran swiftly retaliated, escalating regional tensions to unprecedented levels. This military confrontation has not only unfolded in conventional warfare but also triggered a massive surge in cyber operations. Almost immediately after the kinetic attacks, numerous hacktivist groups began launching cyberattacks primarily targeting Israel and its international allies.

Almost 30 years ago, two graduate students at Stanford University — Larry Page and Sergey Brin — began working on a research project they called Backrub. That, of course, was the project that resulted in Google. But also something more: it created the business model for the web. The deal that Google made with content creators was simple: let us copy your content for search, and we'll send you traffic.

Did you hear the news? You can now build and deploy agents in Tines using the AI Agent action type - an evolution of our AI action! AI on the Storyboard just got even more powerful, with the opportunity to build your workflows as autonomous as you choose with the help of an agent. Using the tools from your tech stack, the agents you build are designed to reason, decide, and act on your behalf. Curious to see it in action?

We’re excited to share that Splunk Attack Analyzer recently introduced the ability to translate content and achieved SOC 2 Type II certification.

Every time someone asks me about building their AI policy, I die a little inside. Not because it’s a bad question, but because my answer is always the same: “Can we not build it off pure fear for once?” Most people don’t understand how AI architecture works, so their first instinct is to panic. And, we’ve seen this movie before: cloud, mobile, bring your own device (BYOD).

Five centuries after the printing press was invented, the digital age began. With significant revolutions in knowledge dissemination, the era taking place now has seen vast amounts of information become instantly accessible. Whilst this is generally seen as a positive in most countries worldwide, malicious intentions persist across the digital world.

Arctic Wolf has recently observed a campaign targeting the legal industry using a combination of brute-force and spearphishing techniques. Threat actors initially attempted to brute-force multiple user accounts. After those efforts were unsuccessful, they pivoted to spearphishing by sending spoofed emails that appeared to originate from internal users. These emails used the subject line “Reminder-Your-to-do-list” and contained a malicious.HTM attachment.