Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
GhostGPT, the new malicious chatbot and its impact on cybersecurity
At this juncture, it is no surprise that cybercriminals are leveraging the potential of generative artificial intelligence to strengthen their attacks. However, the emergence of new models specifically designed to generate threats quickly has made this task even easier for bad actors. At the end of 2024, researchers discovered a new AI chatbot created for cybercriminal purposes.
API Threat Trends: How Attackers Are Exploiting Business Logic
As businesses rely more on APIs, attackers are quick to turn that trust into opportunity. Among the most dangerous and difficult-to-detect threats are business logic exploits, which let cybercriminals manipulate legitimate functionality to gain unauthorized access, exfiltrate data, or disrupt operations. These attacks often slip past traditional defenses unnoticed, making them a growing concern for security teams.
#211 - Intel Chat: Fog, Operation Endgame, Mustang Panda & Atomic macOS Stealer (AMOS)
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
Build Trust Now: Transparent Dialogue for a Trustworthy Organization #trust #cybersecurity
Building trust shouldn't start when there's already a problem. Learn how to proactively create transparent, trust-first conversations with customers—and why trust must be engineered into your security programs from the start. Building trust isn't reactive—it’s proactive. Discover how to open transparent conversations before issues arise, why trust must be built into every layer of your security program, and how to communicate that trust effectively during the sales process.
You Trust Apple But Not IT?
You trust Apple with your face. But not your IT team? Let’s talk about that.
CTI Roundup: Infostealers, Zero-Day Attacks, and Gremlin Stealer
Infostealers threaten corporate security, Google observes 75 zero-day exploits in 2024, and Gremlin Stealer appears in an underground forum.
Essential Cybersecurity Controls (ECC-1:2018) - A Comprehensive Guide
Cybersecurity threats continue to evolve, posing very real risks to organizations, and nowhere is this risk more pronounced than in entities that handle a nation’s critical infrastructure, as these attacks put public health and safety at risk, harm the environment, or disrupt critical services. The Gulf Cooperation Council (GCC) region plays a vital role in the petroleum industry, with Saudi Arabia ranking among the world's top 10 oil producers by daily output.
Beyond the Red Flags: Responding to a Failed Vendor Audit
Picture this: your vendor’s latest security audit just landed in your inbox, and you spot multiple failure points. What’s your immediate action plan? Failed vendor audits are an uncomfortable but increasingly common reality as reliance on third-party vendors grows, and handling them poorly can lead to data breaches, costly compliance violations, and serious operational disruptions. Knowing how to respond effectively isn't just good practice—it's essential risk management.
CVE-2025-2775: PoC Released for SysAid On-Premises Pre-Auth RCE Vulnerability
On May 7, 2025, watchTowr publicly disclosed technical details and a proof-of-concept (PoC) exploit for a pre-authenticated Remote Code Execution (RCE) chain affecting SysAid On-Premises, a self-hosted IT service management (ITSM) platform used by organizations to manage IT support tasks. Although the vulnerabilities were patched in March 2025, they had not been assigned Common Vulnerabilities and Exposures (CVE) identifiers and were disclosed for the first time with watchTowr’s publication.