A disturbing vulnerability bulletin from Fortinet. (I know: You might say that's not exactly rare. But SSO auth bypass....) If I were at an org that used Fortinent products I think I'd presume they were vulnerable except where I was certain otherwise. fortiguard.com/psirt/FG-IR-25…

Notepad++ fixes flaw that let attackers push malicious update files - Lawrence Abrams bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

"'ConsentFix', a browser-based ClickFix-style attack with OAuth consent grants" ... leveraging the Azure CLI app client to social engineer for easy access into Entra ID 👀 I got nerdsniped by this, so I played with it a bit and tried a drag-and-drop gesture! Video:

🛑 WARNING: CVE-2025-20393 is rated 10.0, with no patch available. Cisco confirmed active exploitation of an AsyncOS zero-day by a China-linked APT. The flaw allows root-level command execution on affected email security appliances and enables attackers to establish

Some of my favorite security capabilities that are not EDR: 1. User behavior monitoring Example: Suzie in accounting all of a sudden makes a bunch of SMB connections. Or when bob’s Tier 0 account is now logged into a workstation somehow. UEBA (user entity behavior analytics)

MongoBleed (CVE-2025-14847) is basically Heartbleed for MongoDB - unauthenticated memory disclosure - public POC, trivial to exploit - leaks creds, tokens, cloud keys straight from RAM - huge exposed surface on the internet Good writeups and technical details here:

Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs - update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe - file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll - network IOCs

Those of you who are following the Notepad plus plus scenario. There was an update this morning. notepad-plus-plus.org/news/clarifica… The key takeaway is the *majority* of consumers should take from this message, was implied early on and now has been said definitely. "This was a highly

After 15 years, the original Secure Boot certificates that keep your PC safe during boot are expiring. Microsoft has announced that the original Secure Boot certificates that were issued when the feature first began shipping in 2011 are set to expire this June. PCs that are not

Learn eBPF through hands-on exercises directly from your browser. ebpf.party

🔥 Anthropic is rolling out Claude Code Security, an AI tool that scans full codebases and suggests patches. In limited preview for Enterprise and Team users, it analyzes code like a human, traces data flows, and reduces false positives in a review dashboard. All fixes require

Microsoft Authenticator is about to wipe work accounts from jailbroken/rooted phones automatically 👏. No IT config needed. 🔥 3-phase rollout starting Feb 2026: ⚠️ Warn → 🚫 Block → 🗑️ Wipe Let your help desk and security teams know. 🔗 support.microsoft.com/en-us/account-…

⚠️ Veeam fixed multiple flaws in Backup & Replication, including 9.9-severity RCE bugs that let authenticated domain users run code on backup servers. Affected: all v12 builds before 12.3.2.4465. 🔗 CVEs and patch details → thehackernews.com/2026/03/veeam-…

If a Global Admin gets compromised, it should be treated like a scorched earth scenario. The possibilities for backdoor are endless, especially if they disabled the audit logs.

If I told you there was a digital forensics and IR platform that gives security teams deep visibility into Windows, macOS, and Linux endpoints, would you believe me? What if I said it’s open source, lightweight, scalable, and designed for flexible investigations? Welcome to

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

⚠️ WARNING - An unpatched critical telnetd bug (CVE-2026-32746) lets attackers gain full system access with no credentials. One connection to port 23 is enough to trigger memory corruption and execute code as root. No patch yet. Prior telnet flaw is already exploited in the

GitHub isn’t just a code platform anymore. It’s a security boundary. New from Jared Atkinson: how GitHub creates real attack paths into repos, secrets, CI/CD, and even cloud environments. Read more: ghst.ly/4cU3QHd

CISA urges US orgs to secure Microsoft Intune systems after Stryker breach bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

𝗛𝗮𝗿𝗱𝗲𝗻 𝗬𝗼𝘂𝗿 𝗜𝗻𝘁𝘂𝗻𝗲 𝗡𝗼𝘄! 🛡️💻 CISA urges hardening after #Stryker attack: 🔹 Use Intune RBAC (Least Privilege) 🔹 Phishing-resistant MFA 🔹 Multi-Admin Approval for wipes 🔗 buff.ly/4NMQ2Wy #InfoSec #shiftavenue