Search Results for:
406 Results Found
CompassDRP Social Media integration: Six real-world use cases
Blog
Social media can work both for and against an organization, so it’s worth treating these sites as extensions of your attack surface. CompassDRP’s Social Media integration continuously monitors both corporate and employee profiles across platforms such as Twitter, LinkedIn, and Facebook. It automatically flags unauthorized or impersonating accounts that mimic...
Microsoft Patch Tuesday – July 2025
Blog
Today marks Microsoft Patch Tuesday for July 2025, addressing 137 vulnerabilities. Key issues include an information disclosure vulnerability in Microsoft SQL Server and local code execution vulnerabilities in Microsoft Office. More details are provided below. Notable Patch Tuesday vulnerabilities for July CVE-2025-49719: An information disclosure vulnerability in Microsoft SQL Server...
Bug bounty programs: Can you rely on them 100%?
Blog
It’s tempting to view bug bounty programs as a cheat code – an enticing shortcut to uncover vulnerabilities by tapping into the creativity of the global security community. Is there really any need to invest in your own testing for vulnerabilities? But while these programs can surface critical flaws that...
CVE-2024-58248: Race condition vulnerability leaves nopCommerce at risk of single-packet attacks
Blog
I recently discovered an interesting race condition vulnerability in the eCommerce software nopCommerce, during a manual pen test as part of the SWAT service (SWAT is Outpost24’s Pen Testing as a Service solution). This vulnerability (CVE-2024-58248) involves nopCommerce, an open-source eCommerce platform written in C#, which aids developers in building...
How hacktivist cyber operations surged amid Israeli-Iranian conflict
Blog
In June 2025, Israel carried out airstrikes against key Iranian military and nuclear facilities. Iran swiftly retaliated, escalating regional tensions to unprecedented levels. This military confrontation has not only unfolded in conventional warfare but also triggered a massive surge in cyber operations. Almost immediately after the kinetic attacks, numerous hacktivist...
Analyzing the Gonjeshke Darande attack on Iranian crypto exchange Nobitex
Blog
The cyberattack by Gonjeshke Darande on Nobitex (Iran’s largest cryptocurrency exchange) made global headlines, not only for its scale, but for its political intent. This bold act of digital sabotage occurred within a rapidly deteriorating geopolitical context. On June 13, 2025, Israeli airstrikes targeted key Iranian military and nuclear facilities....
Tokens & traps: Seven common OAuth vulnerabilities (plus mitigations)
Blog
In the world of modern web applications, the OAuth flow is our trusty gatekeeper, enabling seamless logins and secure data sharing. But its flexibility (designed to handle myriad use cases) is also its Achilles’ heel. A tiny misstep in URI validation or a missing state check can turn a robust...
EASM Buyer’s Guide 2025: A guide for a futureproof EASM solution
Blog
Your external attack surface is growing — whether you’re aware of it or not. Cloud migration, IoT, AI, and remote work are all contributing to the rapid expansion of organizations’ external attack surfaces, and many security teams are struggling to keep up. According to a 2021 report, 69% of organizations...
Microsoft Patch Tuesday – June 2025
Blog
Today marks Microsoft Patch Tuesday for June 2025, with 66 vulnerabilities addressed. This update includes two zero-day vulnerabilities and several other high-severity remote code execution vulnerabilities. One of the zero-day vulnerabilities is actively being exploited, so it’s crucial to apply the relevant patches as soon as possible. Notable Vulnerabilities for...
OutscanNX: Reduce alerts and remediate what matters with RBVM
Blog
Last year, nearly 60% of cyber compromises were directly attributable to unpatched vulnerabilities – flaws that organizations knew about but hadn’t remediated in time. The problem with traditional vulnerability management (VM) approaches is they treat every finding equally, leaving security teams drowning in noise and fighting to sort serious risks...