Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Exposure Management Platforms Explained
If you work in cybersecurity, you likely know the feeling of the "CVE Treadmill." It is the exhausting cycle where security teams scan systems, log thousands of vulnerabilities, prioritize them by a static severity score, and send tickets to IT to patch them. Then, the next day, they do it all over again. The problem is that the treadmill is moving faster than you are.
Bug Bounty Programs (2025) | Definition, Platforms & Costs
“Tech giants pay hackers millions to hack them – on purpose.” What once sounded like a risky experiment has now become standard practice in cybersecurity. Bug bounty programs have moved from the fringes into the mainstream because traditional defenses alone can’t keep up with today’s scale and sophistication of attacks.
Apache Tomcat Vulnerability CVE-2025-55752: Risk & Protection
CVE-2025-55752 exposes a dangerous path traversal flaw in Apache Tomcat caused by a rewrite and decoding regression. This video breaks down how the bug works, why it becomes severe when combined with HTTP PUT, which versions are affected, and what teams must do to patch or mitigate it. We also show how WAAP protection blocks exploitation attempts even before servers are updated.
Introducing Astra Cloud Vulnerability Scanner: Multi-Cloud Security Built for Scale
1.8X, that’s how much cloud vulnerabilities have skyrocketed over the past year, fueled not just by attackers but by the routine tweaks teams make every day. Modern vulnerability scanners were built to find everything that looks risky. They just never learned to tell what actually is. Dashboards lit with thousands of “critical” alerts, endless CSVs, and reports that read like alarm bells on repeat. Yet less than 10 percent of those alerts ever lead to a real exploit.
Snyk Log Sniffer: AI-Powered Audit Log Insights for Security Leaders
Snyk empowers organizations to build fast and stay secure. As security and engineering teams scale their use of Snyk across the enterprise, understanding what's happening across your group and organizations becomes critical–from API integrations and user access patterns to policy changes and security events. However, raw audit logs alone can be overwhelming and difficult to interpret. Security leaders need instant visibility into critical events, risk patterns, and user activity.
CVE-2025-61757: Critical Pre-Auth RCE in Oracle Identity Manager
A newly disclosed vulnerability, CVE-2025-61757, exposes Oracle Identity Manager (OIM) to unauthenticated remote code execution (RCE). The flaw affects OIM versions 12.2.1.4.0 and 14.1.2.1.0 and carries a CVSS 9.8 Critical rating. CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog — meaning active exploitation is confirmed.
Shai-Hulud: The Second Coming Hits npm Users
Once again, the npm supply chain has been compromised, putting developers relying on these vital open source components at risk. On November 24th, a sophisticated attack that borrows techniques from the Shai-Hulud malware used in the npm hijacking this past September was discovered. This is not an isolated incident. It’s a continuation of an existing campaign that is now abusing CI/CD pipelines, and GitHub automation to spread faster and steal more secrets than before.