Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If your Maven project feels like a ticking time bomb of outdated dependencies, you’re not alone. Developers often put off updates—until a critical CVE or compatibility issue makes them wish they hadn’t. Keeping your dependencies current doesn’t just reduce risk—it improves performance, adds features, and aligns with best practices in secure software development.

On July 2, 2025, Cisco released a security advisory detailing a maximum severity vulnerability (CVE-2025-20309) in Cisco Unified Communications Manager and Unified Communications Manager SME Engineering Special, caused by hard-coded root SSH credentials that cannot be changed or removed.

A new high-severity vulnerability, CVE-2025-4123, has been discovered in Grafana, a widely used open-source observability platform. Dubbed “The Grafana Ghost,” this vulnerability stems from an open redirect flaw that can lead to stored cross-site scripting (XSS), account takeover and server-side request forgery (SSRF). Despite the release of patched versions, over 46,000 vulnerable Grafana instances are still publicly exposed, underscoring the urgency for immediate mitigation.

With the boom of cloud usage and AI, organizations have been facing an increase in cybersecurity challenges due to which they realize the need for endpoint vulnerability remediation.

June 2025 has seen WhatsApp back in the headlines—this time for all the wrong reasons. Earlier this month, The National broke the story: WhatsApp’s security is under renewed scrutiny following revelations that Israel remains the only known actor to have successfully exploited it. But if history has taught us anything, it’s this: if one nation-state can do it, others may follow. At Appknox, we decided to verify the current state of WhatsApp’s mobile app security for ourselves.