Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-41115 is a critical privilege escalation and user-impersonation vulnerability in Grafana Enterprise. The issue occurs within the SCIM (System for Cross-domain Identity Management) provisioning feature. When SCIM is enabled, Grafana incorrectly maps the externalId field supplied by a SCIM client to an internal user.uid.

CVE-2025-9501 is a critical remote code-execution vulnerability affecting W3 Total Cache versions prior to 2.8.13, a plugin used by more than a million WordPress sites to improve performance and caching. The issue lies in the plugin’s _parse_dynamic_mfunc handler, which can process user-controlled inputs inside dynamic fragments.

Security teams need clear signals, fast investigations and automation that fits into existing workflows. The latest CyCognito updates focus on streamlining asset operations, speeding up review of context and expanding what you can manage through the API. Recent enhancements include new asset management permissions, Asset List productivity improvements and additional API capabilities for realm freshness and issue lifecycle control.

CVE-2025-64459 is a critical SQL injection vulnerability in the Django web framework’s ORM. It affects Django 5.1 versions earlier than 5.1.14, Django 4.2 versions earlier than 4.2.26, and Django 5.2 versions earlier than 5.2.8. Earlier, unsupported series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated and may also be affected, which makes legacy deployments especially risky.

Part of our two-part series on the evolution from EASM to EEM. This post explains how External Exposure Management becomes an operational muscle that empowers continuous defense, real-time remediation, and proactive protection. External exposure is now the frontline of cyber defense. These are the assets attackers can reach without authentication, without privilege escalation, and without internal access. That means speed and agility are not luxuries they are non-negotiable.

CVE-2025-64095 is a critical unauthenticated file-upload vulnerability affecting DNN (DotNetNuke) versions prior to 10.1.1. The flaw exists in the platform’s default HTML editor provider, where upload validation and authorization checks were insufficient. Attackers can upload files and overwrite existing content without credentials, enabling page defacement, malicious script injection, and in some environments stored cross-site scripting (XSS).

Part of our two-part series on the evolution from EASM to EEM. This post introduces the core shift from visibility to real-world exposure validation and why the legacy approach to external risk is no longer enough. External Attack Surface Management, or EASM, was once revolutionary. It gave organizations their first real visibility into the sprawling digital footprint created by cloud adoption, remote work, and third-party services. But the threat landscape has evolved. And EASM has not kept up.

CVE-2025-55752 is a path traversal vulnerability in Apache Tomcat. It comes from a regression introduced during a past bug fix. Because of this flaw, Tomcat normalizes URLs before decoding them, which lets attackers craft requests that bypass access controls and reach restricted directories like /WEB-INF/ and /META-INF/. In deployments where HTTP PUT is enabled, an attacker could upload files through this path and potentially gain remote code execution (RCE).

If popular TV and movies are to be believed, hackers break into organizations from dark rooms using flashy zero-day exploits (complete with some sort of showy animation), all while techno music blares in the background, culminating in the oh-so-cool announce of “I’m in!” This… is not reality. The unglamorous truth is that breaches usually stem from a series of small mistakes in unremarkable things: A system that was overlooked when implementing a new policy.

A high-severity vulnerability (CVSS 9.9) has been disclosed in the VPN web server component of Cisco Secure Firewall ASA and FTD software. An authenticated attacker (i.e. one possessing valid VPN credentials) can send specially crafted HTTP(S) requests that bypass input validation and lead to remote code execution as root. This means full device compromise is possible.