Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Authentication is used by most web applications. Both for letting users have access to individual accounts, but also for protecting certain resources from the public. Basic authentication allows an individual to prove to the application that they are the user that is trying to access it. Unfortunately, authentication vulnerabilities are often found by pen testers too. While there are many forms of authentication, the most common implementations are that of the username and password.

The CA/Browser Forum’s recent unanimous vote to reduce maximum public TLS certificate validity to just 47 days by March 2029 marks a seismic shift in the digital security landscape. This new standard isn’t a proposal—it’s an approved policy. And every organization that issues or relies on public TLS certificates must begin preparations today. Because it’s no longer about watching Apple’s early lead in reducing lifespans but following an industry-wide mandate.

Discover 10 critical insights from the 2025 Verizon DBIR on secrets leaks, NHI risks, and credential abuse threats affecting today’s cloud-first orgs.

Security operations centers (SOCs) are under constant pressure to keep their organizations secure, while battling alert fatigue, tool sprawl, and ever-rising demands for speed and precision. Analysts today face an overwhelming landscape where context is thin, telemetry is inconsistent, and critical signals are buried in noise. At Corelight, we’re focused on one simple idea: Your network evidence should work wherever your SOC team does.

API security is no longer just a concern; it’s a critical priority for businesses. With APIs serving as the backbone of modern applications, they’ve become a primary target for attackers. While automated security testing tools help detect vulnerabilities, their limitations leave organizations exposed to evolving threats. Here’s where Threat Replay Testing (TRT) comes into play.

National Institute of Standards and Technology (NIST)—is a U.S. federal agency that develops and promotes measurement standards, including some of the most widely used cybersecurity frameworks in the world. While originally designed to strengthen the security posture of federal systems, NIST guidelines are now used across industries as a benchmark for best practices in information security, risk management, and compliance.

One of the most critical elements of modern information security is encryption. Encryption is a complex field based solely on the arms race between people seeking secure ways to encode and encrypt data at rest and in transit and those seeking to break that encryption. Encryption is extremely commonplace. Most websites you visit use SSL, the Secure Socket Layer, which uses encryption to secure data traveling between your device and the servers hosting the website.

A social engineering campaign is abusing Zoom's remote control feature to take control of victims’ computers and install malware, according to researchers at security firm Trail of Bits. The operation targeted Trail of Bits’ CEO, who recognized it as malicious and didn’t fall for the attack. The researchers have attributed the campaign to the ELUSIVE COMET threat actor.

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center issued the 25th edition of its annual report this month, again noting a jump in complaints and losses from phishing, ransomware, and data breaches among the leading cyber threats. Overall, the FBI’s 2024 IC3 reported $16.6 billion in losses, up from $12.5 billion in 2023, on 859,532 complaints received. This figure was down slightly from the 880,418 complaints received in 2023.

On April 24, 2025, SAP released fixes for CVE-2025-31324, a maximum-severity zero-day unrestricted file upload vulnerability in the NetWeaver Visual Composer component. Visual Composer is a tool within NetWeaver for creating applications and user interfaces. The vulnerability was discovered by ReliaQuest, which initially observed its exploitation in the wild.