Information security

Information security

‘Between approximately March 30, 2023, and April 25, 2023, on 16 different days, Gong transferred more than 3,600 files from his work laptop to three personal storage devices, including a Verbatim flash drive and two Western Digital external hard drives,’ testified FBI special agent Igor Neyman back in February.

A PoC exploit for CVE-2025-53770 is now available on GitHub, making it easier for multiple parties to exploit the Microsoft SharePoint zero-day.

North Korean threat actors successfully delivered a malware loader named XORIndex through 67 malicious packages on the npm repository, accumulating over 17,000 downloads.

The number of CVE reports is projected to exceed 40,000 in 2025, with an average of 131 reports per day observed in early 2025.

Software Bill of Materials (SBOM) facilitates software composition analysis, allowing organizations to track and manage vulnerabilities in third-party components effectively.

The metrics we often call vanity metrics aren’t just for show; they often reflect teams' limited scope for measurement in the evolving data-driven security landscape.

If you are not auditing roles monthly and practicing the principle of least privilege, you are playing cloud roulette. You may not lose this week, but you will.

Bobby Cooke from IBM X-Force Red confirmed that the Microsoft Teams application was 'a viable WDAC bypass,' demonstrating significant security vulnerabilities in Windows Defender.

Homer's article critically examines the risks of relying heavily on Microsoft, arguing that organizations must improve digital sovereignty and reduce dependency on American cloud services.