Elastic wins fifth Google Cloud Partner of the Year award
For the fifth time, Elastic has been recognized for its achievements in the Google Cloud ecosystem, helping joint customers deploy generative AI solutions in...
Emerging Enterprise Security Risks of AI
Summary Agentic AI adoption is accelerating rapidly as enterprise software and applications increasingly incorporate task-specific AI agents, enabling autonomous execution of complex tasks...
This VPN Lets You Verify Your Business Privacy For $130
VP.NET makes VPN privacy verifiable, not just policy-based, with secure enclave tech for up to five devices.
The post This VPN Lets You Verify Your...
How to clone an AWS CloudHSM cluster across Regions
Important: As of January 1, 2025, Client SDK 3 tools (CMU and KMU) are no longer supported. This guide has been...
Flowise – Path Traversal in Vector Store basePath
Flowise - Path Traversal in Vector Store basePath The Faiss and SimpleStore (LlamaIndex) vector store implementations accept a basePath parameter from user-controlled input and...
Flowise – Cypher Injection in GraphCypherQAChain
Flowise - Cypher Injection in GraphCypherQAChain The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker...
Flowise – Missing Authentication on NVIDIA NIM Endpoints
Flowise - Missing Authentication on NVIDIA NIM Endpoints The NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to...
20th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Booking.com, the Amsterdam-based...
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
Key Points
The Gentlemen ransomware‑as‑a‑service (RaaS) program is rapidly gaining popularity, attracting numerous affiliates and publicly claiming over 320 victims, with the majority of attacks (240)...
Latest article
Great responsibility, without great power
Welcome to this week’s edition of the Threat Source newsletter. As I’m writing this, today (April 28) is International Superhero Day. If you don’t know the origin story behind...
Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM
What is CVE-2026-41940?
CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr...
Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications
Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software, triggering an MS-DEFCON level...
Almost half of UK businesses hit by cyber attacks
The government's annual cyber security report reveals UK businesses are still struggling with the impact of attacks and breaches. - Read more
