Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Olymp Loader: A new Malware-as-a-Service written in Assembly

Olymp Loader is a Malware-as-a-Service (MaaS) advertised on underground forums and Telegram since June 5, 2025. The seller, “OLYMPO”, presents Olymp Loader as fully written in assembly language and frequently markets it as FUD (Fully UnDetectable). Despite its recent appearance, many underground forum users have already posted positive reviews.

When Attackers Weaponize AI and Defenders Fight Back with Smarter Remediation

Artificial intelligence is transforming cybersecurity, and not always for the better. Attackers are now weaponizing AI to speed up reconnaissance, create exploit code, and bypass traditional defenses. Security teams can’t afford to rely on outdated vulnerability management practices. In this webinar, Scott Kuffer (COO, Nucleus Security) and Corey Brunkow (Director of Federal Operations, Horizon3.ai) break down how AI is changing the threat landscape and what defenders can do to stay ahead.

How Snyk Learn Helps You Meet PCI DSS v4.0 Developer Training Requirements

As businesses strive to secure sensitive cardholder data and stay compliant with Payment Card Industry Data Security Standard (PCI DSS) v4.0.1, one of the most overlooked areas is developer training. The latest version of the PCI DSS places clear emphasis on ensuring developers are not only residually aware of security best practices, but are actively trained to build secure software and detect vulnerabilities. This is where Snyk Learn comes in.

CVE-2025-26399: Critical Unauthenticated RCE in SolarWinds Web Help Desk Through Second Bypass

On September 23, 2025, SolarWinds released a hotfix for a critical vulnerability impacting Web Help Desk (WHD), tracked as CVE-2025-26399. The vulnerability arises from a deserialization flaw in the AjaxProxy component that could allow a remote unauthenticated threat actor to achieve remote code execution. CVE-2025-26399 is the second bypass of a flaw originally disclosed last year as CVE-2024-28986 within WHD, with the first bypass being CVE-2024-28988.

Exploitability as the Countdown Clock: Prioritizing Vulnerabilities Before Time Runs Out

In vulnerability management, every scan tells a story. The truth is that only some of those stories matter right now. The challenge isn’t finding vulnerabilities; it’s knowing which ones are about to cost you. If you’re dealing with hundreds of vulnerabilities per asset, especially if you’ve adopted cloud solutions, you’re not alone. That’s become the norm. But you can’t patch everything, and you shouldn’t even try.

Zero-Day Mobile Vulnerabilities: Why Speed is the Key to Cyber Defense

Every year, mobile devices become more powerful, more innovative, and more complex. That’s good news for diligent workers who want to stay connected and productive. Unfortunately, it’s also good news for threat actors who want to steal sensitive data. Zero-day vulnerabilities in mobile applications and operating systems (OSs) are becoming more common over time.

Outpost24 introduces new pen test reports and packages for mobile apps and APIs

Philadelphia, PA, 23rd September – Outpost24, a leading provider of exposure management solutions, today announced the launch of new pen test reporting, giving customers a consolidated view of all penetration testing results within a single platform. This eliminates the need to manage multiple reports from different sources, saving time and improving operational efficiency. Security teams can now view, schedule, and download reports directly, with actionable insights from certified pen testers.

zerodayx1: Hacktivist groups turning to ransomware operations

In July 2025, pro-Palestinian hacktivist group zerodayx1 launched its own Ransomware-as-a-Service (RaaS) operation, following the path of other hacktivist teams. They loudly announced the initiative on platforms commonly used for such purposes, including X (formerly Twitter) and Telegram. Zerodayx1 exemplifies the ongoing evolution of these groups, underscoring the importance of studying and understanding their methods in order to better prepare for and respond to such threats.

Partial Scans vs. Full Scans: Which Delivers Better Security Coverage and Efficiency?

Vulnerability scanning is no longer optional for modern teams. With new features released weekly, and sometimes resources deployed and removed within hours, businesses need constant vigilance to stay ahead of attackers. The real question is: how often should you scan without slowing down the development process? Full scans are thorough but time-intensive, sometimes taking hours or days. Partial (incremental) scans are faster and CI/CD-friendly but risk missing critical gaps.