
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators

The US Cybersecurity and Infrastructure Security Agency (CISA) has asked owners and operators of operational technology to stop assuming their networks are safe, and has released joint guidance to adapt zero trust principles for industrial systems that support US power, water, transportation, building automation, and weapons-support infrastructure. OT owners should design controls on the assumption...

ABB Ability OPTIMAX

Summary: Successful exploitation of this vulnerability could allow an attacker to bypass user authentication on OPTIMAX installations that make use of the Azure Active Directory Single-Sign On integration. The following versions of ABB Ability OPTIMAX are affected: ABB Ability OPTIMAX 6.1 vers:all/*; ABB Ability OPTIMAX 6.2 vers:all/*; ABB Ability OPTIMAX 6.3 <6.3.1-251120; ABB Ability OPTIMAX 6.4 <6.4.1-251120. CVSS: v3 8.1. Vendor: ABB. Equipment: ABB Ability OPTIMAX. Vulnerabilities: Incorrect Implementation of Authentication Algorithm. Background Critical...

ABB AWIN Gateways

Summary: Successful exploitation of these vulnerabilities could allow an attacker to remotely reboot the device or complete an unauthenticated query to reveal system configuration, including sensitive details. The following versions of ABB AWIN Gateways are affected: ABB AWIN Firmware (2.0-0) installed on ABB AWIN GW100 rev.2 2.0-0; ABB AWIN Firmware (2.0-1) installed on ABB AWIN GW100 rev.2 2.0-1; ABB AWIN Firmware (1.2-0) installed...

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

In December 2025, we detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. We have attributed this activity to the Silver Fox threat group. Both waves followed a nearly identical structure: phishing emails were styled as official notices...

Training on Fiction While the Real Threat is in Your Inbox

By: Josh Bartolomie, Chief Security Officer. The Illusion of Readiness. I have spent a good portion of my career inside and around security awareness programs, watching them evolve from afterthought compliance checkboxes to multimillion-dollar platform investments. Along the way, I have seen a pattern repeat itself more times than I can count: organizations running the same simulation templates year after year,...

Building with AI: Here’s What No Briefing Will Tell You

Executives making AI decisions without hands-on building experience have a comprehension gap that no briefing can close. AI is rapidly eroding most traditional competitive moats, and proprietary data's real value now comes down to how long it would take a competitor to reconstruct it. As AI equalizes development speed, the most valuable engineers are...

Risk Scenarios for the US’s Strategic Pivot

Summary: The United States (US) is shifting toward a more force-driven security strategy primarily relying on military operations and economic pressure to counter transnational criminal organizations and limit Chinese, Russian, and Iranian influence in the Western Hemisphere. Regional outcomes diverge across three core scenarios: US-aligned authoritarian cooperation with fragile stability; Political fragmentation enabling criminal expansion and governance...

Elastic Stack 8.19.15 released

Version 8.19.15 of the Elastic Stack was released today. We recommend you upgrade to this latest version. We recommend 8.19.15 over the previous versions 8.19.14. Fixed a regression where APM’s HTTP/2 connections could fail with strict clients due to framing errors. For details of the issues that have been fixed and a full list of changes for each product in this...

Five Things we Took Away from Gartner SRM Sydney 2026

At this year's Gartner Security and Risk Management Summit in Sydney, Rapid7 CISO Brian Castagna joined industry CISO Nigel Hedges for a fireside chat on the decisions security leaders are actually making right now. They discussed the real decisions being made right now about budgets, burnout, AI, and perspective on consolidation. The conversation reinforced what we see across many organizations:...

Latest article

Yarbo Android/iOS Mobile Application and Cloud Infrastructure

Summary: Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands...

Check Point VPN Authentication Bypass Vulnerability

What is the Vulnerability? A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS...

CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice

Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows...