Threat Note

 Cloud identity security relies heavily on Microsoft Entra ID (formerly Azure AD) Conditional Access. It acts as the primary digital gatekeeper, checking user locations, calculating risk scores, and verifying device…

[[{"value":"Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster. The post Oracle Debuts Monthly Critical Security Patch Updates appeared first on SecurityWeek."}]] Read More  

 The aviation and aerospace sector has become one of the most actively targeted industries by ransomware operators and data extortion groups in 2025 and 2026. From passenger-processing platforms to satellite-dependent…

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any

As the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure. Read More  

[[{"value":"CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on…

 Palo Alto Networks has disclosed a critical buffer overflow vulnerability in PAN-OS software, tracked as CVE-2026-0300, that is already being actively exploited in the wild. The flaw carries a CVSS…

Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, giving attackers a leg up. Read More  

The UC Berkeley Center for Long-Term Cybersecurity (CLTC) offers tools and support to schools, local governments, and non-profits as they defend themselves against a growing volume of cyberattacks. Read More  

Well-run security drills go beyond checking audit boxes to identify and address trouble spots. Effective leaders can ensure proper scope, access, and follow-through, but it’s not easy. Read More  

 Robust defense systems are built on a clear understanding of current threats and the ability to translate it into consistent decisions and measurable outcomes at optimal cost.  High-performing SOCs achieve this by eliminating unnecessary work and operationalizing threat data. At the core of this model lies threat intelligence that…

 GnuTLS version 3.8.13 has been officially released to patch a dozen security vulnerabilities, including critical flaws affecting secure network communications. The update is highly recommended for all systems using GnuTLS,…

 Cisco has announced its intent to acquire Astrix Security Ltd., an industry leader in Non-Human Identity (NHI) security. This strategic acquisition aims to protect enterprise environments from the expanding attack…

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of "double free and possible RCE" in the HTTP/2 protocol handling. This issue

 A critical unauthenticated remote code execution vulnerability in the Weaver E-cology platform is currently being actively exploited in the wild. CVE-2026-22679 carries a maximum CVSS score of 9.8 and affects…