Introduction Possibly one of the most important things that has not changed at all is that, regardless of the constant growth of new technologies and new payment solutions, security remains extremely important. The standard with which organizations have been comparing their payment card data security programs for…
If you’re still relying on a perimeter firewall to protect your network… you’re already behind. The way we work has changed. Remote teams, cloud apps, and mobile devices have all shattered the traditional idea of a secure network boundary. That’s where Zero Trust Architecture (ZTA) comes in. And NIST just…
What Is a TLS/SSL Port? A TLS/SSL port is a portion of the network used for the creation of secure connections on the Internet using the Transport Layer Security or Secure Sockets Layer protocols. Such protocols are used for encryption and authentication so that data being exchanged between a client, like…
If you’re using Trend Micro Apex Central or Endpoint Encryption PolicyServer, here’s some urgent news. Hackers could take full control of your system, no login required. On June 10th, Trend Micro released urgent patches for ten security flaws, including six unauthenticated remote code execution (RCE) vulnerabilities rated critical with CVSS…
The Common Name (CN) in an SSL/TLS certificate is a field that identifies the main domain name that this certificate belongs to. It is used mainly as the primary means for verifying the identity of the domain while conducting safe communication over the World Wide Web. Originally, the CN field…
Google Chrome announced that it would distrust new TLS/SSL certificates from two certificate authorities (CAs): Chunghwa Telecom and Netlock, effective August 1, 2025, with the release of Chrome version 139. Apart from releasing new TLS/SSL standards, the Chrome announcement represents another significant step in Google’s campaign to demand accountability for…
What is Ransomware-as-a-Service (RaaS)? Ransomware-as-a-Service is a model for cybercrime in which ransomware creators sell or license their software for use by accomplices, who usually launch ransomware attacks. Even with very little or no technical know-how, individuals can hence become active participants in a highly sophisticated ransomware attack. RaaS runs…
What is Wildcard SSL? A Wildcard SSL certificate is a special type of SSL certificate designed to secure a single domain and all of its subdomains. Unlike regular SSL certificates that only secure one domain, a Wildcard SSL certificate uses a wildcard character (an asterisk, *) in the domain name…
In response to evolving browser policies and heightened security requirements, Sectigo and DigiCert both announced they will remove the Client Authentication Extended Key Usage (EKU) from public SSL/TLS certificates. It is part of a broader initiative to support Google Chrome’s Root Program and CA/Browser Forum best practices. It directs public…
If you run a website, especially one secured with a Free SSL Certificate, chances are you are using Let’s Encrypt. They’re the game changers who made SSL certificates free and easy for everyone. However, as of June 4, 2025, a small change is coming that might catch some people off guard…
Welcome to the Quantum Era, where even the strongest locks we use to protect our digital lives might soon be breakable. However, don’t panic; Microsoft is already preparing for that future, and it has just rolled out a groundbreaking update for Windows Insiders and Linux users that could change the…
A severe zero-day vulnerability has been found in the widely used Eventin WordPress plugin (Themewinter), which puts over 10,000 websites at extreme risk for complete takeover. CVE-2025-47539 is the identifier for the flaw, which permits unauthenticated privilege escalation, allowing users to create user accounts at the Administrator level without having…
About the Incident What began as a handful of phishing attacks by early 2025 became a large, organised attack aimed at the fisheries, telecommunications, and insurance sectors in Kuwait. Security researchers at Hunt.io have found evidence of a large phishing campaign that used over 230 different malicious websites to try…
Cybersecurity experts are concerned about a high-impact vulnerability in Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager, designated as CVE-2025-22252. The vulnerability could allow the attacker to circumvent authentication and gain privileges as an administrator on enterprise networks that deploy Fortinet security appliances. What is CVE-2025-22252? CVE-2025-22252 is an authentication for critical function…
An Incident The hunter becomes the hunted. LockBit, once the most dominant ransomware-as-a-service (RaaS) syndicate on the dark web, has been shattered from within. In a dramatic twist, the criminal enterprise infamous for extorting hundreds of millions from global victims has now suffered a severe breach of its infrastructure, exposing…