Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new Cross-Site Request Forgery (CSRF) vulnerability has been discovered in PowerAdmin. This vulnerability poses a significant risk, potentially compromising user data and disrupting the designated functionality across roles.

On July 10, 2024, GitLab issued an advisory regarding a critical vulnerability (CVE-2024-6385) in GitLab CE/EE that had been reported to them through a bug bounty program. This vulnerability allows a threat actor to trigger a GitLab pipeline as another user under certain circumstances. A GitLab pipeline is a collection of automated processes that run in stages to build, test, and deploy code.

Amazon Web Services (AWS) Simple Storage Service (S3) has become a cornerstone in the world of cloud storage. It offers scalability, high availability, and performance, making it a go-to choice for businesses of all sizes. However, as with any cloud service, security is paramount. This is where the question of "how to secure an S3 bucket" comes into play. Securing your S3 buckets is not just about protecting your data from unauthorized access.

Transitioning from legacy vulnerability management tools to modern solutions like Tanium offers improved endpoint visibility, cost savings, streamlined operations, real-time data, and automated remediation, enhancing overall cybersecurity posture.

GitLab has released a new series of updates to address critical security flaws in its software development platform. Among these, a severe vulnerability tracked as CVE-2024-6385 has been identified, allowing attackers to run pipeline jobs as arbitrary users. This blog will detail the nature of these vulnerabilities, their impact, and the steps GitLab has taken to mitigate them. Critical Vulnerability: CVE-2024-6385.

In today's increasingly digital world, where businesses rely heavily on technology for core operations, the European Union's Digital Operational Resilience Act (DORA) establishes a comprehensive framework to manage Information and Communication Technology (ICT) related risks and ensure business continuity for financial institutions and critical service providers.

Over 100,000 websites fell victim to a recent web supply chain attack through the Polyfill JavaScript library. This incident underscores significant vulnerabilities in third-party script integration across the web. This article covers what Polyfill does, why it’s now a threat, and the steps you should take if your website relies on it.