On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.

It’s a warm, sunny day as you lie in the sand under a big umbrella. Suddenly, you feel the waves crashing against your feet, only to look down and see numbers, letters, usernames, and timestamps. You try to stand up, but you feel the tide of big data pulling you under… With a jolt, you wake up, realizing that you were having another nightmare about your security Data Lake and analytics.

Protegrity specializes in protecting sensitive data, a focus we’ve maintained for around 20 years. Our customer base includes many large enterprises, particularly in the healthcare and financial sectors, spanning across the globe. Our clients include some of the most renowned companies worldwide.

Salt Typhoon is suspected to be an Advanced Persistent Threat (APT) group. Their origins are linked to state-sponsored entities in Asia, leveraging their technical expertise to breach some of the world’s most critical telecom infrastructure. Unlike ransomware groups that aim for monetary gain, Salt Typhoon’s primary objective is espionage, focusing on data theft and surveillance.

It’s been over a decade since DevSecOps was introduced as a transformative approach to software development, but adoption remains uneven. Despite its promise of seamless integration between development, security, and operations, only 38% of organizations report fully automating the addition of new projects, branches, or repositories into their security testing queues.

Secrets buried in container registries pose a silent risk. Learn about their hidden vulnerabilities and what steps you can take to safeguard your infrastructure.

At Pentest People, we prioritise customer feedback to continually enhance SecurePortal. Based on your suggestions, we are thrilled to introduce two major new features: Single Sign-On (SSO) and Company Tasks, alongside other key improvements. Company Tasks lets you efficiently manage outstanding questionnaires and proposals requiring attention. Easily assign tasks to the most suitable team members within your organisation, ensuring timely action.

At Jit, we are proud to announce our participation in a consortium of companies that have come together to launch Opengrep, a continuation of Semgrep’s groundbreaking OSS. Opengrep is born out of our shared commitment to keeping static code analysis open, accessible, and community-driven.

Show your customers and supply chain you can manage application risks with secure coding practices. Assess yours before it’s too late. Box-ticking approach to penetration tests is long gone. We help you identify, analyse and remediate vulnerabilities so you don’t see the same pentest report next time.

Penetration testing (aka pentesting or ethical hacking) might sound intense—and honestly, it is—but think of it as your digital stress test. Ethical hackers mimic real cyberattacks on your systems to find weak spots before the bad guys do. The coolest part? Pen tests come in different flavors, each targeting specific risks. So, how do you know when it’s time for a pentest? How often should you schedule them? And which one is right for your business?