Dataproof Communications

Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy patches as soon as possible. “Fortinet vulnerabilities are often attractive to...

The financial services industry (FSI) is using AI to transform how financial institutions serve their customers. AI solutions can help proactively manage portfolios, automatically refinance mortgages when rates decrease, and negotiate insurance premiums for customers. However, this adoption brings new governance, risk, and compliance (GRC) considerations that organizations need to address. To help FSI customers navigate these challenges, AWS...

Microsoft’s May Patch Tuesday fixes 120 flaws, including 31 remote code execution bugs, with no zero-days reported at release. The post Microsoft’s Patch Tuesday Update Targets 120 Security Flaws appeared first on TechRepublic. - Read more

Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) and PCI Point-to-Point Encryption (PCI P2PE) assessments for the AWS Payment Cryptography service. This assessment expands the AWS Payment Cryptography compliance portfolio, with AWS now validated as a component provider for Key Management (KMCP) and Key Loading (KLCP) in...

OverviewAttackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust.In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving malware deployment, privilege escalation,...

Email filters are important, but they can’t remove phishing risk on their own. Today’s campaigns are built to slip through the cracks, using fresh domains, CAPTCHA checks, fake login pages, OTP theft, and even legitimate RMM tools.  For security leaders, the bigger issue is business exposure. One missed email can slow response, create uncertainty, and leave teams unsure of what was accessed...

aria2c Improper Certificate Validation Tenable Research discovered that aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication. Proof of ConceptIn this PoC, we will demonstrate generating private keys and the corresponding...

Instructure says it reached an agreement with ShinyHunters over the Canvas breach data - Read more

Updated the fixed version number. This is an informational change only. - Read more

At Rapid7, our commitment to our partners is built on the foundation of the PACT (Partnering with Accountability, Consistency, and Transparency) program. Central to this mission is the Rapid7 Partner Academy, which was recently honored with a Gold Stevie Award in the 2026 American Business Awards® for Achievement in Collaboration and Partnership. This recognition underscores our dedication to providing...