We are observing an acute concentration of risk within the foundational layers of legacy infrastructure, exemplified by the urgent remediation of vulnerabilities in the ClamAV scanning engine that have persisted for two decades. The active exploitation of flaws in Oracle EBS Payments and SimpleHelp further suggests that adversaries are successfully targeting the administrative and financial conduits that underpin modern enterprise operations. While industry attention remains tethered to the long-term security implications of generative artificial intelligence and community-led hardware development, the immediate threat landscape is dominated by the weaponisation of these unpatched, high-privilege service accounts. Our desk advises that the strategic priority must shift toward auditing deep-seated open-source dependencies that facilitate critical file-integrity and payment workflows.
Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer…
Analyst note —Update DNS security policies to monitor NAPTR records, preventing adversary redirection of message traffic as RCS adoption scales enterprise-wide.
Analyst note —Prioritise patching high-cvss vulnerabilities mentioned to neutralise immediate exploitation threats against critical production infrastructure and internal systems.
Read five key learnings from the Frost & Sullivan 2025 Frost Radar™ for CSPM to learn how CSPM is evolving from point-in-time compliance to continuous risk management. The post 5 insights from Frost & Sullivan’s 2025…