%term

Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

Dec 11, 2025 By James Drew In Sentrium

During our research into Microsoft 365 security, we discovered a flaw in Outlook on the web (OWA) that exposed information about users and their mailboxes. By manipulating certain request headers against the “/owa/service.svc” endpoint, an attacker could not only confirm whether a user account existed, but also determine if that account had a mailbox associated with it.

Read Post

Sentrium

Read more about Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

Dec 11, 2025 By Bhargavi Pallati In Indusface

A newly disclosed vulnerability in Ivanti Endpoint Manager (EPM) tracked as CVE-2025-10573 allows unauthenticated attackers to inject persistent JavaScript into the EPM administrative dashboard. Assigned a CVSS score of 9.6, this vulnerability presents a critical security risk because it enables attackers to hijack administrator sessions and gain full control over managed endpoints.

Read Post

Indusface

Read more about CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

Data Leakage: AI's Plumbing Problem

Dec 11, 2025 By Jim Hoagland - Vanessa Villa In CrowdStrike

Sensitive information disclosure ranks on the OWASP Top 10 for LLM Applications, and for good reason. When AI-powered applications inadvertently expose private data like personally identifiable information (PII), financial records, health information, API keys, or proprietary business intelligence, the consequences cascade quickly: regulatory violations, competitive disadvantage, and shattered user trust.

Read Post

CrowdStrike

Read more about Data Leakage: AI's Plumbing Problem

Top Ten Data Security Trends To Prepare For in 2026

Dec 11, 2025 By Isa Jones In Cyberhaven

The data security landscape is reaching an inflection point. In 2026, the question won't be whether your security stack can detect risks; it will be whether it can predict, prevent, and adapt to them in real time.

Read Post

Cyberhaven

Read more about Top Ten Data Security Trends To Prepare For in 2026

GRC Engineering for Revenue Acceleration | TrustCloud

Dec 11, 2025 By TrustCloud In TrustCloud

How to build a Customer Assurance and Continuous Control Monitoring Program that earns customer trust. Join us for a practical and insightful conversation on how transparent security and compliance posture sharing , high-confidence AI-assisted security questionnaire completion, and continuous control monitoring (CCM) translate directly into customer assurance, revenue acceleration, faster sales cycles, and higher buyer confidence.

View Video

TrustCloud

Read more about GRC Engineering for Revenue Acceleration | TrustCloud

Is CTEM a framework or a solution?

Dec 11, 2025 By Cyberint In Cyberint

CTEM, introduced by Gartner, was designed to address a critical gap in traditional vulnerability management: the broken flow between detection and remediation. While reports and alerts pile up, exposures often remain unresolved, leaving organizations at risk. CTEM organizes this process into five stages—Scoping, Discovery, Prioritization, Validation, and Mobilization—bringing structure to chaos. Technically, it’s a framework because Gartner never mandated a single solution to deliver all stages. Most vendors only cover one or two.

View Video

Cyberint

Security

Read more about Is CTEM a framework or a solution?

Why Cybersecurity Stress Keeps Rising

Dec 11, 2025 By Razorthorn Security In Razorthorn

Cybersecurity work is becoming more stressful as roles grow more complex and human factors stay under addressed. Bec points to industry research showing higher stress levels than five years ago, and links this to workload, responsibility and the emotional toll of constant threat.

View Video

Razorthorn

Security

Read more about Why Cybersecurity Stress Keeps Rising

A Mental Health Community For Cyber Professionals

Dec 11, 2025 By Razorthorn Security In Razorthorn

The Mental Health in Cyber Security Foundation is a home for support, shared best practice and real stories about mental health in cybersecurity. The long-term vision is an organisation where people in the industry know they can go for advice, guidance and practical help with the pressures of their work.

View Video

Razorthorn

Security

Read more about A Mental Health Community For Cyber Professionals

Virgin Atlantic CISO LIVE at Black Hat Europe

Dec 11, 2025 By Torq In Torq

Virgin Atlantic CISO John White and Torq’s Usman Gulfaraz chat through how Virgin Atlantic's security team is already saving over 40 hours a week with Torq.

View Video

Torq

Read more about Virgin Atlantic CISO LIVE at Black Hat Europe

Ep 15 - Inside the Web of Scattered Spider: Social Engineering at Scale

Dec 11, 2025 By SafeBreach In SafeBreach

Hosts Tova Dvorin and Adrian Culley dive into Scattered Spider, a decentralized threat group targeting major corporations like MGM and Marks & Spencer.

View Video

SafeBreach

Security

Read more about Ep 15 - Inside the Web of Scattered Spider: Social Engineering at Scale

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

Data Leakage: AI's Plumbing Problem

Top Ten Data Security Trends To Prepare For in 2026

GRC Engineering for Revenue Acceleration | TrustCloud

Is CTEM a framework or a solution?

Why Cybersecurity Stress Keeps Rising

A Mental Health Community For Cyber Professionals

Virgin Atlantic CISO LIVE at Black Hat Europe

Ep 15 - Inside the Web of Scattered Spider: Social Engineering at Scale

Monthly Archive

Follow Us