Security Bulletin

IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.

Warlord believed to be using control over the Karen region as a hub for fraud and cybercrime activities.

Simplistic “commodity” ransomware makes it easy to launch low-skill attacks.

CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.

The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.

Low-code AI builder is a leading tool for building agentic AI workflows.

CTG's Chad Alessi discusses the cybersecurity challenges facing middle-market companies.

Sonatype's Brian Fox discusses how unmanaged open source AI presents serious risk to organizations.

BeyondTrust's Morey Haber discusses its annual Microsoft Vulnerabilities report.

The vulnerabilities affect SonicWall's SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.