Now that CMMC 2.0 enforcement is finally underway, the whole topic of the U.S.’ Cybersecurity Maturity Model Certification needs to be revisited. Version 2.0 was simplified and finalized in 2024; however, its official start date was November 10, 2025. Consequently, defense contractors and hopefuls will have to officially clear this latest set of hoops to earn government contracts with the U.S....

Learn how Python pickle serialization exposes AI/ML pipelines to supply chain attacks. Discover exploitation methods and actionable steps to secure your models.

Below we describe post compromise activity taken by a threat actor following exploitation of the Windows Server Update Service (WSUS) remote code execution vulnerability CVE-2025-59287. In this breach, we have observed the threat actor using several common, typically benign tools to achieve their goals and attempt to mask their actions.The threat actor downloaded Velociraptor, a digital forensics...

Lynn Penick explores how small, disciplined steps can significantly improve cybersecurity maturity and prevent catastrophic breaches. Using the Louvre Museum heist as an example, it emphasizes that security failures often stem from simple oversights — like weak passwords — rather than sophisticated attacks.

The blog highlights the severe challenges facing U.S. cybersecurity due to a government shutdown and the expiration of the Cybersecurity Information Sharing Act of 2015. With CISA operating at only 35% capacity, federal support for CISOs is minimal, leaving organizations vulnerable to escalating nation-state cyberattacks. The lapse of liability protections discourages companies from sharing threat data, weakening collective defense efforts.

Discover details on CVE-2025-55182, the React2Shell remote code execution vulnerability. Learn about exploitation trends, detection challenges, and key actions for security teams to mitigate risk and identify compromise indicators.