Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation scripts. In fact, 51% of respondents in ConductorOne’s 2025 Future of Identity Security Report
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a “critical” issue that could result in remote code execution (RCE).
The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.
“This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious
The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.
“This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by sending a malicious
Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations’ domains and distribute emails that appear as if they have been sent internally.
“Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA,” the
“Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA,” the
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the “dnscfg.cgi” endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.
“An unauthenticated remote attacker can inject
The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the “dnscfg.cgi” endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.
“An unauthenticated remote attacker can inject
OpenAI is reportedly getting ready to test ads in ChatGPT
Multiple reports suggest that OpenAI is going ahead with its plans to add ads to ChatGPT, but the experiment will be initially limited to its employees. […]
OpenAI is rolling out GPT-5.2 “Codex-Max” for some users
OpenAI is testing a new model for Codex, and it could be the company’s best coding model yet. […]
Taiwan says China’s attacks on its energy sector increased tenfold
The National Security Bureau in Taiwan says that China’s attacks on the country’s energy sector increased tenfold in 2025 compared to the previous year. […]
Microsoft cancels plans to rate limit Exchange Online bulk emails
Microsoft announced today that it has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders. […]
New D-Link flaw in legacy DSL routers actively exploited in attacks
Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. […]
Kimwolf Android botnet abuses residential proxies to infect internal devices
The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. […]