Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Low-code workflow builders have flourished in the AI wave, providing the “shovels and picks” for non-technical users to make AI-powered apps. Flowise is one of those tools and, like others in its category, it has the potential to leak data when configured without user authentication. To understand the risk of misconfigured Flowise instances, we investigated over a hundred data exposures found in the wild.

Maintaining an Active Directory (AD) enterprise environment is no easy task. Between all the permissions, security compliances, update cycles, emergency patches, appliance configurations and more, covering all the bases could feel overwhelming at times and could lead to errors that may result in major consequences.

Note: Classic clickjacking typically targets authenticated users on legitimate sites, while this article explores its broader use in redirect-based impersonation scenarios. Clickjacking is a UI redress attack that tricks users into clicking hidden elements, often redirecting them to spoofed landing pages that impersonate trusted brands. Once dismissed as a browser quirk, it is now a silent bridge between user interaction and large-scale brand impersonation campaigns.

Jingle Thief gift card fraud is a reminder that attackers don’t always need zero-day bugs or exotic malware to make millions — they need credentials and patience. In 2024–2025, security teams observed a financially motivated cluster (tracked by defenders as “Jingle Thief” / CL‑CRI‑1032) that focused on phishing and identity misuse to quietly harvest access to cloud platforms, then abuse gift-card issuance workflows at scale.

Buying a business can feel like stepping into a new world of opportunity — more revenue, a stronger market presence, and a ready customer base. But in today’s landscape, every new business also comes with something unseen: inherited cyber risks. From customer records to cloud software and connected devices, digital operations now sit at the heart of almost every business.

In my ongoing monitoring of cyber threats in South Asia, I’ve encountered a series of advanced persistent threat (APT) activities. This region has long been a hotspot for sophisticated cyberattacks, with various groups ramping up their operations in terms of frequency and technical complexity. Starting from early July, I’ve captured multiple new malware samples targeting both Windows and Linux platforms.

When AWS’s US-East-1 region went down again this month, it reminded the industry of an uncomfortable truth: even the most trusted cloud platforms can fail. From streaming services to SaaS providers, many businesses were caught off guard, not because they lacked backups, but because they lacked redundancy. In a Kubernetes world, redundancy isn’t just about having data snapshots.

“Is ChatGPT safe” is the headline question that nearly every team asks the moment AI enters the room. The better version is: safe for what, and under which controls? Safety is not a single switch. It combines technical security, data privacy, content safeguards, governance, and how your people use the tool. This guide breaks down how ChatGPT handles data, where privacy risks actually come from, and the practical steps to operate safely at home and at work.

It’s bad enough that organizations must worry about threat actors launching phishing attacks, injecting ransomware, or exploiting vulnerabilities; now, there is a new attack variant on the loose. Legal scammers. These are companies, which seem to be emerging particularly in Australia, are set up and registered as a legal cybersecurity firm, but in the end just take a company’s money without delivering any services.

The digital ecosystem of financial institutions is a complex web, intricately woven with the services of third-party providers. From cloud computing and AI solutions to critical IT managed services, these partnerships offer undeniable benefits – innovation, efficiency, and specialized expertise. However, as a recent, crucial letter from the New York Department of Financial Services (NYDFS) emphatically highlights, this reliance introduces significant, escalating cybersecurity risks.