An overview of a Google Chrome vulnerability (CVE-2025-4664) that enables cross-origin data leakage by bypassing referrer policies, potentially leading to account takeover and unauthorized access. Originally written in May 2025.
An overview of a critical Fortinet vulnerability (CVE-2025-32756) actively exploited in the wild, allowing unauthenticated remote code execution across multiple Fortinet products. Originally written in May 2025.
A reminder on the importance of regularly reviewing cybersecurity insurance policies to ensure coverage keeps pace with evolving threats, regulatory requirements, and increasing third-party risk exposure. Originally written in April 2025.
An overview of a critical SSRF vulnerability in Commvault’s web interface (CVE-2025-34028) that could lead to remote code execution, highlighting the risk to data backup environments. Originally written in April 2025.
An overview of recently disclosed AirPlay vulnerabilities that can be chained to achieve zero-click remote code execution across Apple and third-party devices. Originally written in April 2025.