Recently, Palo Alto Networks disclosed CVE‑2025‑0108—a high-severity authentication bypass in the PAN‑OS management web interface. Although the flaw does not enable remote code execution, it compromises the confidentiality and integrity of management functions. In this post, we’ll break down the technical details, discuss the exploitation methodology, illustrate configuration and code examples, and outline effective mitigation strategies.

The holiday season may be over, but cybercriminals aren’t done shopping for victims. Check out how you can stay protected from these scams that put your payment details and personal data at risk.

Scammers are turning your favorite social media platforms into digital hunting grounds — learn how to spot and avoid their latest tactics.

Read also: US SEC X account hacker pleads guilty, four alleged Phobos ransomware operators arrested in Thailand, and more.

As AI Agents continue to revolutionize everything about how business is done, ensuring the security of these agents has become paramount. While organizations have rushed to adopt DLP processes and whitelist/blacklist policies to block the use of malicious prompts, it’s worth noting that DLP and firewalls have been around for a very long time and have proven limited in mitigating the risks of users copy/pasting sensitive information onto the internet.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A very popular setup under active attack. Watch out!

Unlike static environments, cloud workloads are constantly shifting, with containers and virtual machines spinning up and down, and crucial sensitive information flowing dynamically across multiple platforms. Recent incidents, such as the increase in container-based malware infections and cloud misconfigurations resulting in major data breaches, have highlighted the need for runtime security.

A lightweight, PowerShell-based SMB enumeration and data-gathering tool for red team engagements and penetration testing. This tool is designed to work natively on Windows without the need for external dependencies like Python or Linux-based utilities.