Content Paint
Search
Sign in
Membership

Security

Security  | Jan 16, 2024
Ivanti VPN appliance exploitation now happening at scale
Ivanti VPN appliance exploitation now happening at scale

VPN appliances "all appear to have been constructed with the code equivalent of string, stamped with the word ‘secure’ and then just left to decay for 20 years..."

 |  Security  | Jan 15, 2024
OpenAI, TikTok, X hunt insider threat specialists -- on widely diverging salary bands
insider threat risks

"In every insider threat case, there is a combination of network activity and employee behaviour. The malicious activity crosses both physical and electronic modalities..."

Security  | Jan 10, 2024
Pre-auth RCE zero days in Ivanti VPNs are being exploited by a Chinese APT and there won’t be a patch for weeks. Buckle up.
Pre-auth RCE zero days in Ivanti VPNs are being exploited by a Chinese APT and there won’t be a patch for weeks. Buckle up.

Attackers re-write JavaScript loaded by the VPN login page for the Appliance to capture credentials; also grabbed Veeam credentials, moved laterally for full SYSTEM control.

Patch Tuesday  | Jan 10, 2024
Patch Tuesday brings lots of chaff, a little buggy wheat too. Some CVE highlights to review.
Patch Tuesday brings lots of chaff, a little buggy wheat too. Some CVE highlights to review.

One vulnerability bears a striking resemblance to an 0day that was actively exploited in the wild in November 2023.

X  | Jan 10, 2024
SEC’s X account hacked: Unlike Mandiant, no MFA was in place
SEC’s X account hacked: Unlike Mandiant, no MFA was in place

"The SEC has not approved the listing and trading of spot bitcoin exchange-traded products"

 |  ransomware  | Jan 09, 2024
Disclosed ransomware attacks hit two-per day in December: The real figure is ~500% higher
Disclosed ransomware attacks hit two-per day in December: The real figure is ~500% higher

"Simulate and exercise breach readiness, especially abilities to reduce blast radius of a cyber attack. Involve top leadership, the board, and customers in separate cyber war games, as often as practical..."

Security  | Jan 08, 2024
Software licensing bug percolates pre-auth RCE risk downstream to PLC-land
Software licensing bug percolates pre-auth RCE risk downstream to PLC-land

Another arguably more potent example and one actively exploited in the wild is CVE-2023-46604 – a CVSS 10 RCE vulnerability in Apache ActiveMQ; an open source message broker written in Java.

Security  | Jan 05, 2024
The Big Interview: Rubrik CEO Bipul Sinha on going from no running water, to running a $500m business
The Big Interview: Rubrik CEO Bipul Sinha on going from no running water, to running a $500m business

On Magic Quadrants, deal size, changing approaches to cyber-resilience and learning from his father.

 |  Security  | Jan 05, 2024
AWS rattles customers with unclear warning over mystery "recent CVE"
AWS rattles customers with unclear warning over mystery "recent CVE"

Warns users it will terminate affected tasks, but leaves a lacuna... (Fear not, we're here with details)

Interviews, insight, intelligence, and exclusive events for digital leaders.

© 2026 The Stack
©  2026 The Stack

Search the site
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.