Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Make Your Real Emails Less Phishy

I infrequently get emails from customers who are frustrated because their employer sent out some legitimate mass email to all employees that unfortunately had all the hallmarks of a malicious phishing attack. Everyone gets worked up about it and a large percentage of people report it as a possible phishing attack. And it is not. It is just frustrating. Sound familiar?

Unmanaged Endpoints: Your Security Blind Spot

It’s Monday morning and the coffee shop is full of telecommuters, sipping lattes and catching up on emails. The way organizations enable work has changed. With the rise of SaaS applications and cloud-first strategies, employees, contractors and third parties frequently access corporate assets from personal, unmanaged laptops.

Insider Risk with Nightfall DLP: Episode 1 - Prevent Personal Cloud Store Uploads

Insider risk is a tricky challenge for security teams: how can you tell the good actors from the bad, or intentional actions from mistakes? Anyone with approved access to endpoints and SaaS systems could expose data to exfiltration risk if those systems are focused solely on preventing outsiders from getting in.

How Ditching RSA Made Teleport 77% More CPU-Efficient

In Teleport 17 we made the switch from RSA to ECDSA and Ed25519, and it paid off with improved security and significant performance benefits. This was a major undertaking; Teleport has used 2048-bit RSA keys for just about everything since our initial release. Switching to new key types and signature algorithms came with serious compatibility concerns given the broad range of environments Teleport is deployed in and the number of third party tools that use or trust Teleport-issued certificates.

Is TensorFlow Keras "Safe Mode" Actually Safe? Bypassing safe_mode Mitigation to Achieve Arbitrary Code Execution

Update: This issue was discovered and disclosed independently to Keras by JFrog’s research team and Peng Zhou. Machine learning frameworks often rely on serialization and deserialization mechanisms to store and load models. However, improper code isolation and executable components in the models can lead to severe security risks. The structure of the Keras v3 ML Model in TensorFlow.

10 Privileged Access Management Best Practices

Privileged access management (PAM) is the cornerstone of data security and operational efficiency. A well-structured PAM strategy not only reduces the risk of security threats but also enhances IT processes and productivity in an organization. However, implementing an effective PAM strategy requires a comprehensive approach.

Exploited! Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)

Apache Tomcat recently disclosed a critical security vulnerability, CVE-2025-24813, affecting several versions of its widely used servlet container. This vulnerability arises from improper handling of path equivalence checks involving filenames with internal dots (file…txt). Exploitation could result in unauthorized information disclosure, file manipulation, and even remote code execution (RCE).