FortiWeb at Risk: Unauthenticated Attackers Gaining Full WAF Control via Admin Creation
A critical authentication bypass vulnerability in Fortinet’s FortiWeb web application firewalls (WAF), identified as CVE-2025-64446 with a CVSS score of…
Security
Weekly Update 478
Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing This week, it was…
Friday Squid Blogging: Pilot Whales Eat a Lot of Squid
Short-finned pilot wales (Globicephala macrorhynchus) eat at lot of squid: To figure out a short-finned pilot whale’s caloric intake, Gough…
The Role of Humans in an AI-Powered World
As AI capabilities grow, we must delineate the roles that should remain exclusively human. The line seems to be between…
SecPod’s Path-Defining Innovation: Shaping the Future of Cybersecurity
For nearly two decades, SecPod has challenged conventions and introduced new ways of thinking about cybersecurity – ways that move…
Archive Terror: Dissecting the WinRAR CVE-2025-6218 Exploit & APT-C-08’s Stealth Move
Executive Summary A targeted cyber-espionage campaign attributed to the threat group APT-C-08 is actively exploiting a high severity directory traversal…
What Happens If You Don’t Renew SSL Certificate on Time
Every SSL/TLS certificate has a defined lifespan. Website owners for years have enjoyed the convenience of multi-year certificates, often lasting…
Book Review: The Business of Secrets
The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2004) From the vantage…
OWASP Top 10 Business Logic Abuse: What You Need to Know
Over the past few years, API security has gone from a relatively niche concern to a headline issue. A slew…
RelayState Ruse: Exploiting Reflected XSS in Citrix NetScaler
In the realm of cybersecurity, it’s not uncommon to stumble upon vulnerabilities while dissecting a system during the pursuit of…