February 2025

CVE-2025-0108: Exploitation Attempts Targeting Web Management Interface of PAN-OS

On February 12, 2025, Palo Alto Networks published a security advisory for CVE-2025-0108, an authentication bypass vulnerability in the management web interface of PAN-OS. The vulnerability was responsibly disclosed to Palo Alto Networks by Assetnote, who published a blog article with technical details about how to exploit the vulnerability the same day it was disclosed. Since then, proof-of-concept exploit code has emerged publicly.

Emerging Threat: PAN-OS CVE-2025-0108

On February 12, 2025, Palo Alto Networks announced CVE-2025-0108, a high severity (8.8) authentication bypass vulnerability affecting Palo Alto Networks PAN-OS management web interface. Successful exploitation of this vulnerability allows unauthenticated attackers with network access to invoke certain PHP scripts without proper authentication. While it does not lead to remote code execution, it impacts the confidentiality and integrity of the affected system.

February 18, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers a CL0P update: CL0P updated their data leak site with a new victim list of approximately 43 organizations. The organizations are likely from the previous redacted list containing company names from C-E and are possibly associated with the Cleo zero-day vulnerability.

What Is Vulnerability Scanning?

Vulnerability scanning refers to the process of evaluating applications, the APIs they consume, systems, networks, and cloud environments to identify and pinpoint vulnerabilities within your organization’s digital infrastructure. It involves using automated tools that scan for known CVEs, misconfigurations, and potential attack vectors. That said, vulnerability scanning today is more than just ticking checkboxes.

Top Six Most Dangerous Vulnerabilities in C and C++

C and C++ programming are notorious for being bug-prone. Let’s look at the most dangerous software weaknesses in 2024 that are relevant for C and C++, so that you know what type of issues to test your code against in 2025. We examined the 2024 CWE Top 25 Most Dangerous Software Weaknesses list developed by Common Weakness Enumeration (CWE) and identified weaknesses relevant to C/C++. These weaknesses can become vulnerabilities. We explained how they occur and how you can uncover them.

Prisma and PostgreSQL vulnerable to NoSQL injection? A surprising security risk explained

Imagine you’re building a blogging web app using Prisma. You write a simple query to authenticate users based on their provided email and password: Looks harmless, right? But what if an attacker sends password = { "not": "" }? Instead of returning the User object only when email and password match, the query always returns the User when only the provided email matches. This vulnerability is known as operator injection, but it’s more commonly referred to as NoSQL injection.

Breaking the Swivel Chair Cycle: Why Security Teams Struggle with Asset Visibility-and How to Fix It

For many security professionals, managing asset visibility feels like an endless game of whack-a-mole. They are stuck in what experts call the “swivel chair approach”—constantly pivoting between multiple dashboards, spreadsheets, and security tools to manually stitch together an understanding of their risk landscape.

Exploited! PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)

Recently, Palo Alto Networks disclosed CVE-2025-0108—a high-severity authentication bypass in the PAN-OS management web interface. Although the flaw does not enable remote code execution, it compromises the confidentiality and integrity of management functions. In this post, we’ll break down the technical details, discuss the exploitation methodology, illustrate configuration and code examples, and outline effective mitigation strategies.

CISA Reports a Massive Spike in API Security Risks

In 2024, API-related vulnerabilities on CISA’s Known Exploited List jumped from 20% to 50%, making APIs a prime target for attackers. This sharp increase highlights the critical need for a dedicated API security strategy in 2025. Don’t wait—invest in API security today.

Arctic Wolf Observes Authentication Bypass Exploitation Attempts Targeting SonicWall Firewalls (CVE-2024-53704)

On February 10, 2025, Bishop Fox published technical details and proof-of-concept (PoC) exploit code for CVE-2024-53704, a high-severity authentication bypass vulnerability caused by a flaw in the SSLVPN authentication mechanism in SonicOS, the operating system used by SonicWall firewalls. Shortly after the PoC was made public, Arctic Wolf began observing exploitation attempts of this vulnerability in the threat landscape.

Belsen Group: Analyzing a new and ambitious threat group

On January 14th, 2025, Belsen Group emerged in the underground forum Breach Forums publishing a list of sensitive data extracted from vulnerable Fortinet FortiGate devices. Since then, they have expanded their malicious activities into acting as initial access brokers. Who are they and what do we know about them? In this blog we’ll give you the lowdown on an ambitious new threat group to be aware of.

How to reduce false positives when pen testing web apps

In the context of penetration (pen) testing, false positives are where the testing tools or methods identify a security vulnerability or issue that doesn’t actually exist. Essentially, a false alarm. This can happen for a few reasons, such as misconfigurations in the testing tools, incorrect assumptions, or environmental factors.

Vulnerability Scanning for SMBs

A small entrepreneur-led digital marketing agency was having a regular morning with client calls, design presentations, and ad discussions. Suddenly, every team member was locked out of their accounts and couldn’t access their e-mails, cloud folders, or even the company bank account – their data had been taken hostage digitally. This isn’t just a cautionary tale.

Do not pass GO - Malicious Package Alert

Researchers recently found another software supply chain issue in BoltDB, a popular database library in the Go ecosystem. A backdoored version of the BoltDB Go module was found to contain hidden malicious code. This version took advantage of how Go manages and caches its modules, allowing it to go unnoticed for several years. The backdoor allows attackers to remotely control infected machines through a command-and-control (C2) server that sends them commands.

Building a Vulnerability Management Program from Scratch

Building a vulnerability management (VM) program from the ground up is no small feat. It requires technical expertise, organizational buy-in, and a clear roadmap. In recent months, I’ve been working with a client who had to discard their legacy approach and start afresh. We came to realize just how many components have to come together to get a decent start on a VM project while also showing value along the way.

Introducing Workflows: Automate Security Alerting While Staying Focused on Real Risks

Security teams and developers are drowning in product security alerts. Every security scan generates a flood of issues, and manually reviewing, prioritizing, and assigning each one is time-consuming and inefficient. The result? Critical risks get buried in long backlogs, while developers waste time chasing issues that don’t actually introduce real risk.

A Rose by Any Other Name: Exposure Management, a Category that Evolved from Vulnerability Management

As organizations increase their reliance on cloud services, remote work tools, IoT devices and smart infrastructures, and the use of third-party vendors, their exposure to cyber threats increases. Traditional approaches to vulnerability management are unable to keep up with rapidly changing business needs and an expanding attack surface. While scanning and patching known vulnerabilities remains critical, today’s complex threat landscape demands a more comprehensive strategy.

Who Owns Vulnerabilities?

The question of ownership is one of the biggest reasons vulnerabilities persist in organizations far longer than they should. Who owns vulnerabilities? This isn’t just a theoretical debate—it’s a critical operational issue. Modern scanning solutions excel at identifying and prioritizing vulnerabilities, but without clear ownership, those vulnerabilities often linger unaddressed or improperly documented, increasing an organization’s risk exposure.

Consolidate Security Findings with Snyk and Google Security Command Center

Together, Snyk and Google Cloud enable modern security practices that unify cloud and application security efforts. This collaboration simplifies risk management for CISOs, providing a cohesive strategy to protect cloud-native environments and the applications running within them. Security leaders often struggle with fragmented tools that create silos between cloud security and application security teams.

2025 OWASP Top 10 for LLM Applications: A Quick Guide

Published first as a whitepaper in late 2024, the 2025 OWASP Top 10 for LLM Applications is yet another monumental effort from OWASP made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond—including Mend.io Head of AI Bar-El Tayouri. LLMs are still new to the market but beginning to mature, and the OWASP Top 10 for LLM Applications is maturing alongside it.

Threat Context monthly: Executive intelligence briefing for January 2025

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from January.

How To Secure Your Supply Chain Against Vulnerability Of Cyber Threats

The average modern business is currently facing a cybersecurity threat. When hackers strike, they target core aspects of the organization, especially the supply chain. Some of the deadliest supply chain cyber attacks have resulted in major losses, halting global business operations. These threats will only increase without any major pushback. That said, the best way to save your business is to plan proactive and reactive measures to combat these threats.

Which of the Following is a Configuration Vulnerability in Your System?

The average data breach costs businesses around $4.5 million to overcome. A single breach could even cause your company to fail. The good news is there are steps you can take to safeguard your sensitive information. Knowing the security threats you face goes a long way toward keeping your data safe. So, which of the following is a configuration vulnerability? We’ve created a guide with the answers. Let’s explore the information you need to know.

OWASP LLM Top 10 for 2025: Securing Large Language Models

As the adoption of large language models (LLMs) continues to surge, ensuring their security has become a top priority for organizations leveraging AI-powered applications. The OWASP LLM Top 10 for 2025 serves as a critical guideline for understanding and mitigating vulnerabilities specific to LLMs. This framework, modeled after the OWASP Top 10 for web security, highlights the most pressing threats associated with LLM-based applications and provides best practices for securing AI-driven systems.