Enterprise Security Tech

In the evolving theatre of cyber-conflict, large-scale breaches are no longer just the result of a single dramatic failure—now they are nearly always the result of many smaller failures colliding. According to recent analysis by Panaseer —a specialist in continuous controls monitoring—the statistic that sets the alarm bells ringing is stark: 70 % of major breaches stem from “toxic combinations” of overlapping cybersecurity risks. Understanding the domino effect The term toxi

When high-profile campaigns by groups like LAPSUS$ and Scattered Spider make headlines, they often leave the strong impression of technical wizardry: zero-days, clever malware, intricate breaches. But according to research from Flashpoint , that narrative misses the more profound evolution underway. Gone are the days when data extortion simply meant bulk-stealing databases: the playbook has matured to target the single most vulnerable link in modern enterprise security— human

In what many in the cybersecurity world feared might happen, the global ransomware threat has begun to rev back into gear. According to research from NCC Group , after a sustained slide in attack volume, September saw a 28 % month-on-month increase in ransomware incidents—421 attacks globally, up sharply from lower levels in the preceding months. The Anatomy of the Surge While 421 attacks is still below half a thousand, the increase is significant primarily for what it signal

In the steadily escalating conflict between cyber-defenders and adversaries, an emerging battleground is crystal clear: the gaming community. A new tool, originally designed for legitimate red-team operations, is now being weaponized against gamers—with alarming implications for credential theft, payment fraud and identity compromise. From open-source toolbox to weaponized infostealer First released publicly in 2024, the toolkit known as RedTiger was marketed as a versatile,

Researchers at Forescout’s Vedere Labs say they’ve pulled open a fresh set of dangerous doors in TP-Link’s Omada and Festa VPN appliances — two newly cataloged vulnerabilities that let an attacker execute shell commands as root and resurrect a patched debug backdoor. The duo of flaws, tracked as CVE-2025-7850 and CVE-2025-7851 , expose an uncomfortable truth: incremental patches that don’t remove legacy developer features can create new, high-severity attack paths. The most

On October 20 2025, the security research team at JFrog Security Research published a disclosure of multiple vulnerabilities in the open-source package oatpp‑mcp—an implementation of the Model Context Protocol (MCP) standard produced by Anthropic. The most critical of these is logged as CVE‑2025‑6515, and JFrog’s researchers have coined the attack technique enabled by this flaw “Prompt Hijacking.” What’s the Protocol Here—and Why It’s Vulnerable MCP is designed to let large-