-
Looking at the Attack Surfaces of the Sony XAV-AX8500
For the upcoming Pwn2Own Automotive contest a total of 4 head units have been selected. One of these is the single DIN Sony XAV-AX8500 that offers a variety of functionality such as wired and wireless Android Auto and Apple CarPlay as well as USB media playback and more. This blog post presents internal photos of…
-
Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways
Ivanti released security updates to address vulnerabilities (CVE-2025-0282, CVE-2025-0283) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. A cyber threat actor could exploit CVE-2025-0282 to take control of an affected system. CISA has added CVE-2025-0282 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CISA urges organizations to hunt for any malicious…
-
CISA Adds One Vulnerability to the KEV Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282 Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA urges organizations to apply mitigations as set forth in the CISA instructions linked…
-
Research that builds detections
Note: You can view the full content of the blog here. Introduction Detection engineering is becoming increasingly important in surfacing new malicious activity. Threat actors might take advantage of previously unknown malware families – but a successful detection of certain methodologies or artifacts can help expose the entire infection chain. In previous blog posts, we…
-
Seven Trends to Watch for in 2025
*No generative AI was used by the author Rapid Rate of Change Still Powering Technology Here we are a quarter of the way through the 21st century and the rate of change in technology shows no signs of slowing. And, while we are not quite the jet-setting hipsters that cartoons of the 1960’s predicted, we…
-
Zero-Day Vulnerability in Ivanti VPN
It’s being actively exploited. It’s being actively exploited. Go to Source
-
Tuta for Open Source Projects
We at Tuta love open source. Lots of open source projects are developed and maintained by open source enthusiasts like ourselves, and we want to give back and help open source teams to be more productive and more secure.
-
Critical Vulnerability Uncovered: CVE-2025-0282 Puts Ivanti Systems at Risk
Ivanti has disclosed a critical vulnerability identified as CVE-2025-0282, affecting several of its products, including Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. With a CVSS Score of 9.0, this stack-based buffer overflow vulnerability allows remote, unauthenticated attackers to execute arbitrary code on the target device, posing significant security risks to affected systems.…
-
Cyber Risk Management: It’s Not Just About Technology
For years, the default assumption in cybersecurity has been that managing risk is all about technology: firewalls, encryption, and the latest threat detection tools. The facts don’t lie: in 2024, global cybersecurity spending is projected to reach $223 billion (source: Statista), yet only a small fraction of this—less than $2 billion—is allocated to awareness training…
-
Hackers claim to breach Russian state agency managing property, land records
A group of hackers with unknown ties has claimed responsibility for breaching a Russian government agency, Rosreestr, which is responsible for managing property and land records. Go to Source