Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk

A critical vulnerability (CVE-2025-40551) has been identified in SolarWinds Web Help Desk, a widely used IT service management platform deployed across enterprise and public sector environments to manage support tickets, assets, and internal workflows. Successful exploitation could allow an unauthenticated attacker to execute arbitrary commands on the underlying host system.

Comprehensive Data Exfiltration Prevention: A New Architecture for Modern Threats

The exfiltration problem has evolved beyond what traditional DLP was designed to solve. Your employees work across personal AI assistants, multiple browsers, dozens of SaaS applications, and offline environments. They collaborate through Git, communicate via email clients, and store data on external drives. Each interaction represents a potential data loss vector—and legacy solutions can't see most of them.

The Nike Breach, Why Traditional DLP Failed, & What Security Teams Need Now

When WorldLeaks claimed to have exfiltrated 1.4TB of Nike's corporate data—188,347 files containing everything from product designs to manufacturing workflows—the incident revealed something more significant than another headline-grabbing breach. It exposed a fundamental gap in how organizations approach data loss prevention. The breach reportedly included technical packs, bills of materials, factory audits, strategic presentations, and six years of R&D archives.

PCI-DSS 4.0 Compliance in the Cloud: For Financial Services

Financial services firms handling payment card data just ran out of runway. As of March 31, '25, PCI-DSS 4.0 compliance is mandatory. The 64 new requirements that organizations could previously treat as best practices are now enforceable, and auditors are scrutinizing every control. According to Verizon’s 2024 Payment Security Report, only 14.3% of organizations achieved full PCI-DSS compliance during interim assessments. That means most firms are closing gaps while managing day-to-day operations.

Warning: A LinkedIn Phishing Campaign is Targeting Executives

A phishing campaign is abusing LinkedIn private messages to target executives and IT workers, according to researchers at ReliaQuest. The messages attempt to trick victims into opening an archive file, which will install a legitimate pentesting tool. “A critical element of this attack was the use of a legitimate, open-source Python script designed for pen-testing,” ReliaQuest says.

January Release Rollup: Egnyte MCP Server, File Server Connector, and More

We’re excited to share new updates and enhancements for January, including: For more info on these updates, check out the list below and dive into the detailed articles. Please join the Egnyte Community to get the latest updates, chat with experts, share feedback, and learn from other users.

What is Secrets Management? Types, Challenges, Best Practices & Tools

Every day, thousands of developers unknowingly leave the keys to their company’s lying around… in code. It sounds crazy, right? But it happens more often than you think. A single hardcoded AWS access key, an overlooked database password, or an exposed API token on GitHub can be all it takes. And the result? Multi-million-dollar breaches, lost customer trust, and a brand reputation that takes years to rebuild. Hackers don’t need to break in when you leave the door wide open.

When AI Can Act: Governing OpenClaw

Agentic AI burst into public consciousness this week with talk of Moltbook – a social network designed for AI agents built on OpenClaw (formerly Clawdbot and Moltbot). The resulting conversations about identity, forming a new religion, social engineering humans, and more between bots have sparked alarms everywhere. For IT leaders, one thing is clear: AI crossed a meaningful threshold.

DevSecOps Tools for Continuous Security Integration

If you’re an engineering manager in 2026, it’s almost certain you’re already exploring DevSecOps tools… by necessity as much as by choice. The reasons are clear: security is no longer a side concern or a tick-box for regulated industries. Even non-regulated businesses now face rigorous customer security questionnaires, growing SOC 2 and supply chain requirements, and persistent threats (especially related to AI-generated code) that make security non-negotiable.