GitHub: How Code Provenance Can Prevent Supply Chain Attacks
Through artifact attestation and the SLSA framework, GitHub's Jennifer Schelkopf argues that at least some supply chain attacks can be stopped in their tracks.
Despite deploying multiple solutions, many organizations struggle with alert fatigue and low threat detection accuracy, with 63% using over five tools but only 13% successfully correlating alerts.
While cost predictability and vendor lock-in remain concerns, GTT’s survey of U.S. and European enterprise leaders indicates that over half of AI workloads are now hosted in private cloud or on-premises environments.
The flaw, tracked as CVE-2025-20286, arises from improperly generated static credentials that are reused across identical ISE versions on the same cloud platform, such as AWS, Azure, and Oracle Cloud Infrastructure.
As enterprises accelerate adoption of hybrid, multi-cloud, and edge infrastructures, their security strategies are falling behind, leaving critical vulnerabilities unaddressed.
After scanning billions of assets across major providers like AWS and Azure, researchers found that each asset averages 115 vulnerabilities, with many dating back over a decade.