Dataproof Communications

Learn how vulnerability in Anthropic's reference Postgres MCP server allowed us to bypass the read-only restriction and execute arbitrary SQL statements. - Read more

Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap. - Read more

Threat insights from Datadog Security Labs for Q2 2025. - Read more

Update, August 18, 2025 We have updated the read-only and shutdown dates to ensure that our new Static CT API logs are fully trusted by browsers before switching Oak to read-only in order to avoid any disruption. Let’s Encrypt operates two types of Certificate Transparency (“CT”) logs—some implement the original RFC 6962 API, and some that implement the newer Static CT...

With the latest updates to Attack Discovery and Elastic AI Assistant, customers can accelerate detection, reduce manual effort, and gain deeper insight into their security data. Give your security analysts a more seamless investigation experience. - Read more

Tenable Identity Exposure Versions 3.93.2 and 3.77.13 Fix One Vulnerability Arnie Cabral Wed, 08/06/2025 - 10:48 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components (nodeJS) was found to contain vulnerabilities, and updated versions have been made available by the provider.Out of caution and in line with best practice, Tenable has...

FortiGuard Labs has observed a sharp increase in exploitation attempts targeting the 'Citrix Bleed 2' vulnerability since July 28, 2025. Telemetry indicates activity has surged to over 6,000 detections across IPS sensors globally. The majority of observed attacks are concentrated in the United States, Australia, Germany, and the United Kingdom, with adversaries primarily focusing on high-value sectors such as...

Persistent trend in open-source offensive tooling & implications for defenders - Read more

Today we turned off our Online Certificate Status Protocol (OCSP) service, as announced in December of last year. We stopped including OCSP URLs in our certificates more than 90 days ago, so all Let’s Encrypt certificates that contained OCSP URLs have now expired. Going forward, we will publish revocation information exclusively via Certificate Revocation Lists (CRLs). We ended support for...

Barristers report going unpaid and cases being turned away amid fears firms will desert legal aid work altogetherLawyers have warned that a cyber-attack on the Legal Aid Agency has pushed the sector into chaos, with barristers going unpaid, cases being turned away and fears a growing number of firms could desert legal aid work altogether.In May, the legal aid...