Decoding CVE-2025-66478: Signal vs. Noise in SCA
Have you decoded CVE-2025-66478?
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
What's New With Keeper | December 2025
The latest updates to KeeperAI threat detection introduce meaningful updates across PAM resources, PAM configuration settings, gateway settings and session history, providing an enhanced security layer within the web vault architecture. KeeperAI automatically monitors and analyzes SSH sessions in real-time to identify suspicious or malicious activity, ensuring that high-risk sessions are automatically terminated and all user activity is analyzed and categorized.
CVE-2025-66516: Critical XXE Vulnerability Exposes Apache Tika Deployments
A critical XXE vulnerability, CVE-2025-66516, has been discovered in Apache Tika, putting any workflow that processes PDFs at serious risk. A malicious PDF can trigger the exploit through any Tika workflow, silently giving attackers access to sensitive files, internal URLs, cloud metadata, and your internal network. AppTrana blocks these malicious PDFs at the edge, keeping your data and internal systems secure.
How Insurity Cut Manual Security Work by 81%
95 hours back. Every. Single. Month. One of the many outcomes from our ZTA journey with Insurity. They didn’t just deploy Zero Trust — they operationalized it. Reach unified controls, automated remediation, and eliminated the manual effort slowing progress. Results:︎ 81% less manual work︎ 95 hours saved per employee per month︎ Months → days for rollout︎ Zero Trust that sticks.
How to Configure and Manage miniOrange 2FA for Bitbucket | Admin & User Setup
This tutorial provides a complete walkthrough of configuring and managing Two-Factor Authentication (2FA) in the miniOrange 2FA app for Bitbucket. Learn how admins can enable and enforce 2FA methods across users and groups, and see how end users complete their 2FA setup during login. Strengthen your Bitbucket security with an additional authentication layer and protect your instance from unauthorized access.
OWASP Top 10 for Agentic Applications (2026): What Developers and Security Teams Need to Know
Agentic AI is moving into production in CI/CD pipelines, internal copilots, customer support workflows, and infrastructure automation. These systems no longer just call a model. They plan, decide, delegate, and take actions on behalf of users and other systems. This creates new attack surfaces that do not map cleanly to traditional application security or even the OWASP Top 10 2025.
Let Data Be Your Guide: The Value of Data Security Posture Management in the Zero Trust Journey
Which is the best aspect to focus on first: network or identity? That’s a question many organizations ask when planning their Zero Trust journey. While both are key pillars to address in a Zero Trust journey, the overarching approach should be to start with your data and let that data be your guide. Data Security Posture Management (DSPM) plays a unique role in enabling businesses to achieve this thanks to its capacity for identifying potentially insecure combinations of identity, access and data.
CVE-2025-59718 and CVE-2025-59719: FortiCloud SSO Login Authentication Bypass
On December 9, 2025, Fortinet released an advisory detailing two critical authentication bypass vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Designated CVE-2025-59718 and CVE-2025-59719, these vulnerabilities allow an unauthenticated threat actor to bypass FortiCloud SSO login authentication via a crafted SAML message if the feature is enabled on the device. Fortinet states that FortiCloud SSO login is disabled by default in factory settings.
How To Use ggshield To Avoid Hardcoded Secrets [cheat sheet included]
ggshield, GitGuardian’s CLI, can help you keep your secrets out of your repos, pipelines, and much more. Download our handy cheat sheet to help you make the most out of our CLI.
Why a People-Centric Security Strategy Improves Resilience
If Darth Vader and the rest of the Empire made one major strategic mistake, it was failing to understand the important role that the human element plays in security. Convinced of their superiority, the Empire’s leaders assumed that the Death Star was impenetrable. However, in the end, it was a scientist and his team who compromised the technology by building in a backdoor.