Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JWTs are often used by developers who seek to implement authentication over traditional cookie-based sessions. However, what happens when developers misunderstand JWT security and risk a severe broken authentication vulnerability?

As developers continue to adopt AI tools to transform their workflows, AI-generated code has become more common. In fact, 96% of developers reported using AI coding assistants to streamline their work. Although generative AI (GenAI) tools like ChatGPT can speed up workflows and boost productivity, the security and quality of the outputs aren’t guaranteed.

On March 4, 2025, Broadcom released patches for three zero-day vulnerabilities exploited in the wild, affecting ESXi, Workstation, and Fusion. These vulnerabilities, discovered by Microsoft, range in severity from high to critical. Details of the exploitation have not been revealed at this time, and Arctic Wolf has not identified a public Proof-of-Concept (PoC) exploit.

Measuring enterprise risk posture—its overall security readiness and resilience—is a complex challenge. Advanced security solutions, such as automated vulnerability management tools and unified risk dashboards, enable organizations to defend their networks with unprecedented efficiency. The rapid expansion of cloud environments and the intricacies of modern IT infrastructures, however, present an increasingly dynamic attack surface.

When generative AI first emerged, the cybersecurity community primarily focused on two promising benefits. However, a concerning “third angle” has now been demonstrated: AI as an attacker – powerful AI systems in the hands of malicious actors, autonomously exploiting vulnerabilities with minimal human guidance.

Today, Outpost24 is excited to announce the launch of its new CyberFlex solution, a flexible combination of ASM and PTaaS. With two-thirds of organizations having experienced a cyberattack via unmanaged internet-facing assets, the CyberFlex solution provides an unmatched approach to the comprehensive discovery, risk management, and protection of all your external-facing applications.

A newly discovered critical vulnerability in the XWiki Platform, tracked as CVE-2025-24893, allows unauthenticated remote code execution (RCE) through the SolrSearch macro. This vulnerability was assigned a CVSS score of 9.8 as rated by GitHub, Inc.)

Apple had to deal with another active security vulnerability. The company has recently issued emergency patches for iOS and iPadOS, which fixed CVE-2025-24200-an alarming zero-day flaw that might have allowed cybercrooks to disable USB Restricted Mode on locked devices. The purpose of the update is to ward off possible cyber-physical attacks and keep data from unauthorized extraction.

Ever get one of those annoying error messages on your phone that gives way too much detail? You know, the ones that tell you the line of code that failed or the exact database query that crashed the app. As an app user, you may dismiss the message and move on. But did you know those overly verbose error messages could be exposing your personal data?