by Jonathan R. Brennan, CISSP | Jun 8, 2025 | Bulletins
Unveiling the Gluestack NPM Attack: A Deep Dive into the Gluestack Supply Chain Breach. A major supply chain compromise is unfolding across the React Native ecosystem via popular packages under the @react-native-aria and @gluestack-ui scopes. A sophisticated Remote...
by Jonathan R. Brennan, CISSP | May 25, 2025 | Bulletins
Zero-day in Windows Server 2025’s Active Directory enables full Domain Takeover. Understanding dMSA Vulnerabilities. Discover how attackers exploit dMSA configurations to gain unauthorized access to high-value accounts. Learn the steps to safeguard your network and...
by Jonathan R. Brennan, CISSP | May 24, 2025 | Bulletins
Unveiling the Threat: CVE-2025-3928. If you use Commvault and M365, you'd better listen up. A zero-day vulnerability in Commvault Metallic’s web server (CVE-2025-3928) allowed nation-state attackers to compromise Microsoft 365 client secrets, putting live customer...
by Jonathan R. Brennan, CISSP | May 19, 2025 | Bulletins
Thanks Microsoft. Actively Exploited: Five Windows Zero-Days. DWM, CLFS, WinSock, and IE Mode vulnerabilities already under attack—patch now or risk breach. Five zero-days in core Windows components are under active exploitation—affecting everything from Desktop Window...
by Jonathan R. Brennan, CISSP | May 15, 2025 | Bulletins
Who needs access to their files anyway? RANSOMWARED HARDWARE. Ooof. If you get hit with this, your options are to pay the ransom or throw out the device. Maybe both. This can survive reboots, OS installs, and even drive replacements. Firmware-based attacks are...
by Jonathan R. Brennan, CISSP | May 14, 2025 | Bulletins
Unveiling the Critical SAP Vulnerabilities. SAP NetWeaver Composes Nightmares. The Impact of CVE-2025-31324 and CVE-2025-42999. Discover the latest insights into the severe vulnerabilities impacting SAP systems worldwide. Learn how to protect your business-critical...