Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PII Detection in Unstructured Text: Why Regex Fails (And What Works)

Let’s look at something many teams quietly struggle with. Detecting PII inside unstructured text. It feels like it should be simple. After all, we’ve used regular expressions for years to find emails, phone numbers, and ID formats. Yet when we deploy regex in real environments. ticket systems, chat logs, CRM notes, uploaded documents, support transcripts. something becomes clear very quickly. Regex isn’t enough.

Data Leakage: AI's Plumbing Problem

Sensitive information disclosure ranks on the OWASP Top 10 for LLM Applications, and for good reason. When AI-powered applications inadvertently expose private data like personally identifiable information (PII), financial records, health information, API keys, or proprietary business intelligence, the consequences cascade quickly: regulatory violations, competitive disadvantage, and shattered user trust.

CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

A newly disclosed vulnerability in Ivanti Endpoint Manager (EPM) tracked as CVE-2025-10573 allows unauthenticated attackers to inject persistent JavaScript into the EPM administrative dashboard. Assigned a CVSS score of 9.6, this vulnerability presents a critical security risk because it enables attackers to hijack administrator sessions and gain full control over managed endpoints.

Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

During our research into Microsoft 365 security, we discovered a flaw in Outlook on the web (OWA) that exposed information about users and their mailboxes. By manipulating certain request headers against the “/owa/service.svc” endpoint, an attacker could not only confirm whether a user account existed, but also determine if that account had a mailbox associated with it.

When Your Fraud Detection Tool Doubles as a Wellness Check: The Unexpected Intersection of Security and HR

Let’s face it: humans are creatures of habit, and nothing rattles us quite like the prospect of change. (Just ask anyone who’s dared to swap out the office coffee brand—revolutions have started over less.) According to SHRM's research on change fatigue, today’s relentless pace of disruption is exhausting employees faster than a budget ergonomic chair. But here’s where it gets fascinating—where security, HR, and fraud analysis converge in ways you might not expect.

Why Choose Active Directory Management Over Manual Scripts

A mid-sized company once tried to handle all its AD updates with a set of PowerShell scripts. Things worked fine while the user count was small, but trouble showed up once they crossed a thousand accounts. A script missed a group update, a disabled user stayed active for two extra days, and a bulk change took almost an entire afternoon to fix. None of this was a technical failure. It was the natural limit of manual scripting.

Extortion-as-a-Service: The Latest Threat Actor Criminal Ecosystem

For centuries, threat actors, both cyber and physical, have understood the benefits of using extortion to further their criminal activities. This has led some cyber threat groups to create Extortion-as-a-Service (EaaS) businesses. These are a formalized way for cybercriminals to offer extortion services to others for a fee or profit share. And, as we shall see, it is just one of many newer -as-a-service models that threat actors are applying.

Risk, Reward, and Reality: How to Decide the Right Amount to Invest in Crypto

Entering the world of crypto can feel exhilarating. Stories of rapid gains and high-profile success can make even cautious investors consider dipping their toes into digital assets. Yet, alongside the potential for reward comes significant risk. Understanding how much to invest in crypto is less about chasing opportunity and more about aligning investments with your financial reality, goals, and tolerance for volatility.