

Enterprise Security Tech
A cybersecurity resource for CxOs


Saviynt taps CrowdStrike’s telemetry for a next-gen identity security leap
In a move that underscores the growing convergence of identity, endpoint, and cloud threat intelligence, Saviynt and CrowdStrike today announced a deep integration between Saviynt’s identity-governance platform and the CrowdStrike Falcon® security stack. The new connector—now listed on the CrowdStrike Marketplace—binds endpoint, identity and cloud telemetry from CrowdStrike with Saviynt’s access-governance logic, enabling bi-directional flows of data for real-time risk redu
Oct 22, 2025


New Cross-Continental Campaign Exploits “ToolShell” Flaw to Breach Telecom and Government Networks
A previously undisclosed campaign of cyberespionage is now coming into sharper view, leveraging the zero-day vulnerability known as CVE‑2025‑53770—nicknamed “ToolShell”—to infiltrate a diverse range of targets spanning the Middle East, Africa, South America and the United States. The operation is marked by sophisticated chaining of publicly-known flaws, living-off-the-land tools, and covert backdoors, underscoring a troubling trend of rapid exploitation and cross-regional rea
Oct 22, 2025


New Attack Vector Hits AI Tooling: ‘Prompt Hijacking’ Exploits MCP Session IDs
On October 20, 2025, the security research team at JFrog Security Research published a disclosure of multiple vulnerabilities in the open-source package oatpp‑mcp—an implementation of the Model Context Protocol (MCP) standard produced by Anthropic. The most critical of these is logged as CVE‑2025‑6515, and JFrog’s researchers have coined the attack technique enabled by this flaw “Prompt Hijacking.” What’s the Protocol Here—and Why It’s Vulnerable MCP is designed to let large-
Oct 22, 2025


Glitch in the Dev Stack: How GlassWorm Hijacked VS Code Extensions and Threatens the Entire Build Pipeline
In what security researchers are describing as a watershed moment for developer supply-chain attacks, a new malware campaign dubbed GlassWorm has begun spreading through extensions for Visual Studio Code (VS Code) and its open-source alternative, OpenVSX. The worm-like code has been installed on an estimated 35,800 developer machines so far. What happened: A stealthy worm enters the IDE According to analysts at Koi Security, the campaign first surfaced on October 17, 2025 wh
Oct 21, 2025


Dataminr’s $290M ThreatConnect Acquisition Signals a New Era of “Agentic AI” in Cyber Threat Intelligence
In a significant move for the cybersecurity intelligence market, New York–based AI-analytics firm Dataminr announced today its intent to acquire Arlington, Virginia’s intelligence-platform vendor ThreatConnect in a deal valuing the latter at approximately $290 million. The deal signals a strategic push by Dataminr into deeper, context-driven threat intelligence capabilities — combining its strength in public-data event detection with ThreatConnect’s specialty in internal-dat
Oct 21, 2025


Varonis Exposes Azure App Loophole That Let Attackers Masquerade as Microsoft Services
Security researchers at Varonis have uncovered a subtle yet powerful flaw in Microsoft Azure’s application registration system that allowed malicious actors to create fake apps with names like “Azure Portal,” bypassing long-standing safeguards meant to prevent impersonation of official Microsoft tools. The loophole—since patched by Microsoft—stemmed from the use of hidden Unicode characters to disguise application names. By inserting invisible “Combining Grapheme Joiner” cha
Oct 21, 2025