IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can’t keep up. Go to Source Author: Jatin Mannepalli
Author Archives: Onsite Computing, Inc.
Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms. “The suspects are believed to be […]
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. “This is due to the create_wp_connection() function missing a capability check […]
Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers’ orders. […] Go to Source Author: Bill Toulas
CISA warned critical infrastructure organizations of “unsophisticated” threat actors actively targeting the U.S. oil and natural gas sectors. […] Go to Source Author: Sergiu Gatlan
Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is Go to […]
Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. […] Go to Source Author: Sergiu Gatlan
Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there’s a problem: they stop short of where the most sensitive user activity actually happens—the browser. This isn’t a small omission. It’s a […]
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log […]
Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers. […] Go to Source Author: Sergiu Gatlan