
Emerging Threat: Django SQL Injection Vulnerability (CVE-2025-64459)

CVE-2025-64459 is a critical SQL injection vulnerability in the Django web framework’s ORM. It affects Django 4.2 versions earlier than 4.2.26, Django 5.1 versions earlier than 5.1.14, and Django 5.2 versions earlier than 5.2.8. Earlier, unsupported series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated and may also be affected; treat them as vulnerable and move to a supported series, which makes legacy deployments especially risky until they are migrated.
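A small triage helper, added here as an example and not part of the original post or of Django itself, that classifies a Django version string against the fixed releases named above. The fixed versions are the ones the advisory summary lists; the function names, the pre-release handling and the sample versions are this example's own choices. Series the advisory did not evaluate are reported as "unknown" rather than guessed at.

```python
"""Classify a Django version against the CVE-2025-64459 fixed releases.

Added example (not from the original post). Only the three series named in
the advisory are classified; any other series returns "unknown".
"""

from typing import Optional, Tuple

# First fixed release per supported series, as stated in the advisory summary.
# The trailing 1 marks a final release (pre-releases of that number get 0).
FIXED_VERSIONS = {
    (4, 2): (4, 2, 26, 1),
    (5, 1): (5, 1, 14, 1),
    (5, 2): (5, 2, 8, 1),
}


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '5.2.7', '5.2' or '5.2.8rc1' into (major, minor, patch, final).

    final is 1 for a normal release and 0 for anything carrying a pre-release
    suffix, so '5.2.8rc1' sorts below the real 5.2.8. A missing patch is 0.
    """
    nums = []
    prerelease = False
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        if digits == "":          # e.g. a 'dev' component with no number
            prerelease = True
            break
        nums.append(int(digits))
        if len(digits) != len(piece):  # '8rc1', '7a1', '6b2'
            prerelease = True
            break
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2], 0 if prerelease else 1)


def cve_2025_64459_status(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a Django version string.

    'unknown' covers series the advisory did not evaluate (5.0, 4.1, 3.2, ...);
    for patch planning those should be treated as affected.
    """
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[:2])
    if fixed is None:
        return "unknown"
    return "fixed" if parsed >= fixed else "affected"


def installed_django_status() -> Optional[str]:
    """Check whichever Django is importable in this environment, if any."""
    try:
        import django  # assumption: may be absent; None is returned then
    except ImportError:
        return None
    return cve_2025_64459_status(django.get_version())


if __name__ == "__main__":
    # Constructed sample versions; the real answer comes from pip/django.
    for v in ["4.2.25", "4.2.26", "5.1.13", "5.1.14", "5.2.7", "5.2.8",
              "5.2.8rc1", "5.2", "5.0.14", "3.2.25"]:
        print(f"Django {v:9} -> {cve_2025_64459_status(v)}")
    print("installed  ->", installed_django_status())
```

Run it inside the virtualenv that serves the application so the `installed` line reflects the Django that actually handles requests, not a system-wide copy.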

The Missing Memory in Your Security Stack: How Attackers Exploit Stateless Systems

Security teams are facing a daunting challenge: today’s cyberattacks are slower, quieter, and more difficult to spot than ever before. Adversaries, from nation-state actors to malicious insiders, have mastered the art of flying under the radar. They stretch their activities over days, weeks, or even months, using legitimate credentials and tools to disguise their actions as normal business operations. The uncomfortable truth is that most SIEM and XDR platforms are stateless: they judge each event, or a short window of events, in isolation, so activity spread across weeks never adds up to anything worth an alert.
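To make the stateless problem concrete, here is an added example (not code from the original article or from any SIEM product) that runs one constructed low-and-slow access pattern through two rules: a conventional per-window rule and a rule that keeps per-account memory across the whole retention period. The log lines, account names, share names and thresholds are all constructed for the demonstration.

```python
"""Stateless vs stateful correlation over a slow share-enumeration pattern.

Added example, not from the original article. Events are constructed:
one service account reads a new file share every few days for five weeks.
"""

from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log: "ISO-timestamp user action target".
SAMPLE_LOG = """\
2025-10-01T09:12:00 svc_backup smb_read fs01/finance
2025-10-01T09:14:00 svc_backup smb_read fs01/finance
2025-10-06T14:02:00 svc_backup smb_read fs02/hr
2025-10-12T08:41:00 svc_backup smb_read fs03/legal
2025-10-19T16:20:00 svc_backup smb_read fs04/rnd
2025-10-27T11:05:00 svc_backup smb_read fs05/exec
2025-11-03T10:30:00 svc_backup smb_read fs06/board
2025-11-03T10:31:00 alice smb_read fs01/finance
"""

Event = Tuple[datetime, str, str, str]   # (timestamp, user, action, target)
Alert = Tuple[str, datetime]             # (user, time the rule fired)


def parse_log(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, target = line.split(maxsplit=3)
        events.append((datetime.fromisoformat(ts), user, action, target))
    return sorted(events)


def stateless_rule(events: List[Event], window=timedelta(hours=24),
                   threshold=5) -> List[Alert]:
    """Typical correlation rule: alert when one user reads >= threshold
    distinct shares inside a sliding window. Nothing survives past the
    window, so enumeration paced slower than the window never accumulates."""
    alerts = []
    recent: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, user, action, target in events:
        if action != "smb_read":
            continue
        kept = [(t, tg) for t, tg in recent[user] if ts - t <= window]
        kept.append((ts, target))
        recent[user] = kept
        if len({tg for _, tg in kept}) >= threshold:
            alerts.append((user, ts))
    return alerts


def stateful_rule(events: List[Event], threshold=5,
                  retention=timedelta(days=90)) -> List[Alert]:
    """Per-user memory of first-seen targets for the retention period;
    fires once, the first time the distinct-share count reaches threshold."""
    alerts = []
    first_seen: Dict[str, Dict[str, datetime]] = defaultdict(dict)
    already_alerted = set()
    for ts, user, action, target in events:
        if action != "smb_read":
            continue
        memory = first_seen[user]
        for tg in [tg for tg, t in memory.items() if ts - t > retention]:
            del memory[tg]                 # forget beyond the horizon
        memory.setdefault(target, ts)
        if len(memory) >= threshold and user not in already_alerted:
            already_alerted.add(user)
            alerts.append((user, ts))
    return alerts


def run_demo() -> Dict[str, List[Tuple[str, str]]]:
    """Both rules over the constructed log, timestamps as ISO strings."""
    events = parse_log(SAMPLE_LOG)
    return {
        "stateless": [(u, t.isoformat()) for u, t in stateless_rule(events)],
        "stateful": [(u, t.isoformat()) for u, t in stateful_rule(events)],
    }


if __name__ == "__main__":
    for name, fired in run_demo().items():
        print(f"{name:9}: {fired or 'no alert'}")
```

The stateless rule stays silent for the whole five weeks because no 24-hour window ever holds more than one share; the stateful rule fires on the fifth distinct share. The cost of the second rule is exactly the memory the teaser is talking about: state per account that has to be stored, expired and queried, which is what most pipelines avoid.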

Human Risk Multiplier: How Mobile Devices Expand Enterprise Attack Surfaces

Modern businesses are more reliant on mobile devices than ever before. Employees need smartphones and tablets for communication, productivity, and even security authentication. As remote and hybrid work setups become more common, mobile technology is necessary for keeping workers connected to their organizations. At the same time, these devices expose a weak link in the cybersecurity chain: the human layer.

Certificate revocation is broken but we pretend it works

Last week, someone commented on my post about 47-day certificates: “This perfectly captures our collective delusion that SSL certificate revocation works.” You click a button, the certificate stops working. And why wouldn’t we believe that? Every CA has a big “Revoke Certificate” button right there in the dashboard. It must do something, right? Here’s the dirty truth: most revoked certificates keep working.

What's Behind The Rise of Spear Phishing Attacks on IT Leaders?

Phishing has been a mainstay of cybercrime for decades – and for good reason. Threat actors continually evolve their phishing tactics, techniques, and procedures (TTPs), adapting the method with new tools and technologies to ensure it remains highly effective. IT leaders have become especially attractive targets: their privileged access amplifies the impact of a successful compromise.

The Unmeasurable is Unmanageable: Why Cyber Resilience Takes Center Stage for Businesses

The World Economic Forum (WEF) recently published an article on cyber resilience that resonates with conversations we have daily at Arctic Wolf. Their central argument — that organizations need to move beyond basic prevention toward comprehensive, measurable resilience — reflects what we’re hearing from business leaders across industries.

CVE-2025-42890: Hard-Coded Credentials in SAP SQL Anywhere Monitor (Non-GUI)

On November 11, 2025, SAP published a security advisory as part of its November security patches, addressing a maximum-severity vulnerability identified as CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI) version 17.0. The flaw stems from hard-coded credentials that expose system resources to unauthorized users and allow a threat actor to execute arbitrary code without authentication.

The Efficiency Shift: Endpoint Efficiency Over Alert Volume

For years, the cybersecurity industry has celebrated “more detections” as proof of effectiveness. Dashboards filled with alerts were seen as signs of vigilance and control. But in practice, the opposite is true: too many alerts create noise, fatigue, and blind spots that delay real responses. When analysts are buried under a flood of low-value detections, the attacker always moves faster.

SessionReaper (CVE-2025-54236): Impact, Detection, and Mitigation

SessionReaper (CVE-2025-54236), an unauthenticated vulnerability in the Commerce REST API, enables session takeover and possible RCE. If you run Adobe Commerce or Magento Open Source, this critical pre-auth vulnerability can let attackers hijack customer accounts, manipulate orders, and, in many real-world setups, drop persistent PHP web shells on your servers.

When Collaboration Tools Become Exfiltration Channels: What the Palantir Case Reveals

Last week, Palantir filed a lawsuit in Manhattan federal court alleging that two former senior engineers used Slack to transfer confidential documents (including healthcare demonstration frameworks, revenue cycle diagrams, and customer deployment plans) the day after one of them gave notice. The documents were allegedly accessed later on a personal phone. The engineers have since joined Percepta, a competing AI startup backed by General Catalyst that emerged from stealth mode in October.