Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

An IP PIN is a six-digit code that protects US residents from fraudulent tax submissions. Electronic tax filings require an IP PIN and Social Security Number, allowing the former to act as a form of two-factor authentication. While IP PINs are primarily used by adults, they can also protect minors from having their identities used by fraudulent actors. A child without an IP PIN is at risk of having their identity used to file fake taxes.

On May 21, 2025, the FBI and CISA released a joint Cybersecurity Advisory (CSA), designated AA25-141B, warning about the rise in attacks leveraging LummaC2, attributed to a threat group referred to internally as Sticky Werewolf, this cyber espionage campaign has used LummaC2 malware since at least April 2023 to target Russian and Belarusian government agencies, science centers, and aviation manufacturers.

On April 11, 2025 09:20 UTC, Cloudflare was notified via its Bug Bounty Program of a request smuggling vulnerability (CVE-2025-4366) in the Pingora OSS framework discovered by a security researcher experimenting to find exploits using Cloudflare’s Content Delivery Network (CDN) free tier which serves some cached assets via Pingora.

Grafana—the cloud-native observability dashboard almost every DevOps team relies on—rushed out Grafana 12.0.0-security-01 yesterday to squash CVE-2025-4123, a high-severity open-redirect and stored cross-site scripting (XSS) vulnerability. When chained with the popular Grafana Image Renderer plugin the bug escalates to a full-read server-side request forgery (SSRF), exposing cloud-metadata services and internal APIs.

Expert-driven threat hunting designed to uncover hidden adversaries, strengthen defenses, and streamline security responses–enhancing your Tanium investment.

In today’s highly interconnected digital ecosystem, external APIs have become indispensable for organizations looking to enhance their capabilities and remain competitive. These interfaces allow businesses to seamlessly integrate third-party services, data, and functionalities into their applications, unlocking many possibilities. However, while external APIs offer immense opportunities, they also come with significant challenges, especially regarding security, governance, and risk management.

API latency is often an unnoticed threat in the vast digital landscape, quietly wreaking havoc on system performance, user experience, and—perhaps most critically—security. For security leaders, understanding and mitigating API latency should be more than a performance enhancement goal; it’s a foundational part of any robust cybersecurity strategy.