On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.

DoD, GSA, and NASA recently published a proposed amendment to the Federal Acquisition Regulation (FAR): Controlled Unclassified Information (FAR Case 2017-016) or ‘FAR CUI Rule’. It presents critical updates on managing Controlled Unclassified Information (CUI) in federal contracts, aiming to create a uniform approach across government agencies for handling and protecting sensitive information while addressing gaps in current policies.

In this episode of Trust Issues, host David Puner dives into the recent high-profile cyberattack on the U.S. Treasury Department. Joined by Andy Thompson, CyberArk Labs’ Senior Offensive Research Evangelist, and Joe Garcia, CyberArk’s Principal DevOps Solutions Engineer, they explore the timeline, details and implications of the attack. Discover proactive security recommendations, insights into zero-day vulnerabilities and the broader impact on federal cybersecurity.

A strong reputation is vital for business success, influencing customer loyalty and spending decisions. When a brand’s reputation is damaged, customers often turn to competitors, which can reduce key metrics like lifetime customer value. Trust is central to a brand’s reputation. Customers expect their personal data to be secure, pricing to be fair, and services to be reliable. However, bot attacks undermine this trust.

At Jit, we are proud to announce our participation in a consortium of companies that have come together to launch Opengrep, a continuation of Semgrep’s groundbreaking OSS. Opengrep is born out of our shared commitment to keeping static code analysis open, accessible, and community-driven.

AI is revolutionizing our lives in terms of productivity, automation, customer service, and more. AI is becoming so important that organizations increased spending on compute and storage hardware infrastructure for AI deployments by 37% year-over-year in the first half of 2024, reaching $31.8 billion. However, like most technological advances, the good often comes with the bad.

Read also: Europol’s largest-ever operation seizes millions in criminal assets, Italian teen arrested for hacking, and more.

Penetration testing (aka pentesting or ethical hacking) might sound intense—and honestly, it is—but think of it as your digital stress test. Ethical hackers mimic real cyberattacks on your systems to find weak spots before the bad guys do. The coolest part? Pen tests come in different flavors, each targeting specific risks. So, how do you know when it’s time for a pentest? How often should you schedule them? And which one is right for your business?

In January, Netskope Threat Labs observed a new malware campaign using fake CAPTCHAs to deliver Lumma Stealer. Lumma is a malware that works in the malware-as-a-service (MaaS) model and has existed since at least 2022. The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world.