A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score:Read More »Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

Orca Security recently released the 2025 State of Cloud Security Report, finding that 84% of organizations now use AI in the cloud, and 62% of organizations have at least one vulnerable AI package.

A Cisco vulnerability could affect cloud deployments of Cisco Identity Services Engine (ISE) in certain systems. 

Behind every security alert is a bigger story. Sometimes it’s a system being tested. Sometimes it’s trust being lost in quiet ways—through delays, odd behavior, or subtle gaps in control. This week, we’re looking beyond the surface to spot what really matters. Whether it’s poor design, hidden access, or silentRead More »⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks

You don’t need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctionedRead More »Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise