
Report Writing Solved: Generating Actionable Assessment Reports

If you’re a security analyst, you know the work never stops. Even after your team completes an extensive vendor risk assessment and remediation, you still need to write a report to share your findings with key stakeholders. And this work isn’t a walk in the park by any means. Writing a risk assessment report often requires hours (or even days) of summarizing information, repopulating graphs, and balancing technical details with clarity to cater to technical and non-technical stakeholders.

Security Bottleneck? Here's How to Accelerate Vendor Approvals

Organizations today move fast, but slow vendor approvals can grind everything to a halt. As companies increasingly rely on third-party vendors, slow vendor approvals create a serious security bottleneck. This slowdown costs organizations valuable time and resources—and leaves them open to security risks. It’s important to cohesively review and approve vendors to manage third-party risk, but organizations should be aware of just how long those approvals take.

CrushFTP auth bypass vulnerability: Disclosure mess leads to attacks

Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. The vulnerability has a CVSSv3.1 score of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). We reached out to MITRE for a CVE on 13th March 2025 and were within an agreed 90-day non-disclosure period with CrushFTP. The plan was to give users plenty of time to patch before attackers were alerted to the vulnerability and able to exploit it.

Why Manufacturing Organizations Need Privileged Access Management for IIoT Security

Manufacturing organizations need Privileged Access Management (PAM) for Industrial Internet of Things (IIoT) security because it protects critical systems and devices by ensuring that only authorized users have access. IIoT refers to a network of connected devices that work together to collect and analyze data across industrial sectors to improve operational efficiency. As IIoT becomes increasingly integral to manufacturing, securing these connected systems is more important than ever.

CVE-2025-31161: Exploitation of Critical Authentication Bypass Vulnerability in CrushFTP

On March 21, 2025, CrushFTP privately alerted customers to a critical authentication bypass vulnerability, now tracked as CVE-2025-31161. Since the initial disclosure, a proof-of-concept (PoC) exploit has been made publicly available, and the CrushFTP CEO has confirmed observing customer compromises via CVE-2025-31161.

Evolution and Growth: The History of Penetration Testing

The history of penetration testing begins with military strategies used to test enemy defenses. Over time, this evolved into a formal practice for identifying vulnerabilities in computer systems. This article traces the brief history of penetration testing, from its early conceptual roots in military exercises, through the rise of ‘Tiger Teams’ in the 1970s, to the sophisticated tools and methodologies in use today.

Trustwave Named a Top Player in Radicati's Secure Email Market Quadrant 2025 Report

Trustwave MailMarshal fortified its position as a leading secure email gateway by being named a Top Player in Radicati’s Secure Email Market Quadrant 2025 report. This is the second consecutive year that Radicati has recognized Trustwave MailMarshal for its ability to protect organizations from email-based attacks.

Introducing Veracode Threat Research

We are excited to announce the launch of Veracode Threat Research, a new initiative to counter software supply chain threats. Thanks to the acquisition of Phylum, Inc., we are now equipped with cutting-edge technology and a wealth of expertise to revolutionize how we secure the open-source ecosystem and protect your developers from novel attacks.

Can My Network Be Breached? Try a Penetration Test by Cybriant and Find Out

When was the last time your business or enterprise tested its defenses with a real-world attack simulation? If the answer is never—or more than a year ago—your company may be more vulnerable than you think. Regular penetration testing by an expert team like Cybriant is one of the most effective ways to uncover and fix security weaknesses before attackers exploit them. Interested in learning more? Read on.