Lucene search: 268 matches found

The Hacker News
added 2025/04/16 11:26 a.m. · 13 views

From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains

Introduction: Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these...

AI score 8.1
Exploits 0

Veracode
added 2025/04/02 7:09 a.m. · 1 view

Authentication Bypass

Mattermost is vulnerable to Authentication Bypass. The vulnerability is due to a flaw that allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...

CVSS 6.5 · AI score 5.1 · EPSS 0.00092
Exploits 0 · References 3 · Affected Software 2

Microsoft Secure
added 2025/03/27 4:00 p.m. · 7 views

US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID

For several years, Microsoft has been helping United States federal and state government groups, including military departments and civilian agencies, transition to a Zero Trust security model. Advanced features in Microsoft Entra ID have helped these organizations meet requirements to employ...

AI score 7.2
Exploits 0

Snyk
added 2025/03/21 9:30 a.m. · 1 view

Missing Authentication for Critical Function

Overview: github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search,...

CVSS 6.5 · AI score 6.9 · EPSS 0.00092
Exploits 0 · References 2

Snyk
added 2025/03/21 9:30 a.m. · 2 views

Missing Authentication for Critical Function

Overview: github.com/mattermost/mattermost/server/v8/channels/web is a platform for secure collaboration across the entire software development lifecycle. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce...

CVSS 8.8 · AI score 7.1 · EPSS 0.0005
Exploits 0 · References 2

Snyk
added 2025/03/21 9:30 a.m. · 1 view

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is meant to be enabled. Remediation: Upgrade...

CVSS 8.8 · AI score 7.1 · EPSS 0.0005
Exploits 0 · References 2

Snyk
added 2025/03/21 9:30 a.m. · 2 views

Missing Authentication for Critical Function

Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is...

CVSS 8.8 · AI score 7.1 · EPSS 0.0005
Exploits 0 · References 2

Snyk
added 2025/03/21 9:30 a.m. · 2 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to servePluginRequest failing to enforce multifactor authentication for plugins, even when MFA is meant to be enabled. Remediation: Upgrade...

CVSS 8.8 · AI score 7.1 · EPSS 0.0005
Exploits 0 · References 2

CVE
added 2025/03/21 8:26 a.m. · 144 views

CVE-2025-25068

CVE-2025-25068 (Mattermost) affects Mattermost Server versions 9.11.x <= 9.11.8, 10.3.x <= 10.3.3, 10.4.x <= 10.4.2, and 10.5.x

CVSS 8.8 · AI score 7.4 · EPSS 0.0005
Exploits 0 · References 1 · Affected Software 1

Malwarebytes
added 2025/02/11 2:38 p.m. · 10 views

Phishing evolves beyond email to become latest Android app threat

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest...

AI score 7.5
Exploits 0

Talos Blog
added 2025/02/06 7:03 p.m. · 11 views

Changing the tide: Reflections on threat data from 2024

"Enough Ripples, And You Change The Tide. For The Future Is Never Truly Set." X-Men: Days of Future Past In January, I dedicated some time to examine threat data from 2024, comparing it with the previous years to identify anomalies, spikes, and changes. As anticipated, the number of Common...

AI score 7.3
Exploits 0

Cvelist
added 2024/12/09 6:38 p.m. · 20 views

CVE-2024-52586 eLabFTW MFA bypass

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally by knowing o...

CVSS 5.4 · EPSS 0.0006
Exploits 0 · References 1

Vulnrichment
added 2024/12/09 6:38 p.m. · 7 views

CVE-2024-52586 eLabFTW MFA bypass

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally by knowing o...

CVSS 5.4 · AI score 7.5 · EPSS 0.0006
Exploits 0 · References 1

CVE
added 2024/12/09 6:38 p.m. · 64 views

CVE-2024-52586

CVE-2024-52586 affects eLabFTW versions 4.6.0 to 5.1.0, where an attacker capable of local authentication can bypass the built‑in MFA and log in regardless of MFA requirements. The issue is documented across multiple sources (Red Hat, CVE list, PT-Security, OSV, NVD, CNVD) with the fixed version ...

CVSS 7.8 · AI score 5.8 · EPSS 0.0006
Exploits 0 · References 1 · Affected Software 1

Schneier on Security
added 2024/10/31 3:43 p.m. · 9 views

Roger Grimes on Prioritizing Cybersecurity Advice

This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. For example, we are often given a cybersecurity guidelin...

AI score 7.5
Exploits 0

ICS
added 2024/10/16 12:00 p.m. · 49 views

Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

Summary: The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate's Australian Cyber Security...

CVSS 10 · AI score 8.3 · EPSS 0.9438
Exploits 75 · References 90

CISA
added 2024/10/08 12:00 p.m. · 5 views

CISA and FBI Release Fact Sheet on Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint fact sheet, How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations. This fact sheet provides information about threat actors affiliated with the Iranian Government’s Islamic...

AI score 7
Exploits 0 · References 4

Positive Technologies
added 2024/09/10 12:00 a.m. · 2 views

PT-2024-7812 · Siemens · Sinema Remote Connect Client

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Client versions prior to V3.2 SP2. Description: A vulnerability has been identified in the SINEMA Remote Connect Client, where the affected application does not expire the user session on reboot without logout. This could...

CVSS 5.3 · AI score 7.1 · EPSS 0.00047
Exploits 0 · References 8

The Hacker News
added 2024/09/02 7:00 a.m. · 16 views

Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities

The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware. Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercrimin...

AI score 7.6
Exploits 0

ICS
added 2024/08/27 12:00 p.m. · 130 views

#StopRansomware: Blacksuit (Royal) Ransomware

Actions for Organizations to Take Today to Mitigate Cyber Threats Related to BlackSuit Ransomware Activity: 1. Prioritize remediating known exploited vulnerabilities. 2. Train users to recognize and report phishing attempts. 3. Enable and enforce multifactor authentication...

AI score 9.3
Exploits 0 · References 81