CSIRT War Stories: the underestimated value of false positives

The incident Unique control system files The story begins in an industrial environment where a cloud-based secure remote-control system generates unique client installation files containing Public Key Infrastructure (PKI) cryptographic keys. Each file is distinct, which plays a crucial role in the unfolding of events. Triggering suspicion The incident was set in motion when a […]

CSIRT War Stories: the underestimated value of false positives Read More »

Impact of the transition from the CVSSv3 to CVSSv4 norm

Not so hard We can immediately say the following: “The Base score is good, but the Threat score is much better!” Let’s take a brief look back: everyone can recognize that the CVSSv3.1 score provided an upward evolution from CVSSv2.0, with an average increase of 40% in vulnerability scores, both for the Base Score and the Temporal Score.

Impact of the transition from the CVSSv3 to CVSSv4 norm Read More »

AI and cybersecurity: a double-edged sword

he rapid evolution of AI ushers a new era in cybersecurity. As it brings a wider attack perimeter, artificial intelligence is both a challenge and an opportunity for both sides of the law. Artificial intelligence: a new tool for cyberattacks AI never sleeps and certainly knows no borders. With artificial intelligence, the removal of linguistic

AI and cybersecurity: a double-edged sword Read More »

New Fortinet exploit CVE-2025-24472 disclosed

Variant vulnerability disclosed plaguing Fortinet products Summary Fortinet amended their advisory for FG-IR-24-535 or CVE-2024-55591, an authentication bypass vulnerability, by including another vulnerability tracked as CVE-2025-24472. The original vulnerability was announced as a 0-day vulnerability and has proof-of-concept exploit code available. The same attack path reported in the former vulnerability was discovered in the Fortinet Cooperative

New Fortinet exploit CVE-2025-24472 disclosed Read More »

How to secure AI applications

If properly managed, artificial intelligence (AI) can be a source of infinite opportunities. Misused, however, it can become a dreadful Trojan Horse. The growing adoption of artificial intelligence (AI) in businesses, public institutions and critical infrastructures increases the attack surface for hackers, and raises concerns on many levels. From the unauthorized usage of an LLM

How to secure AI applications Read More »

Mitigating Insider Threats Through Socio-Technical Systems Theory: A People, Process, and Technology Approach

Current Challenges Organizations Face with Insider Threats Organizations today confront a myriad of challenges in identifying and mitigating insider threats. One significant hurdle is the difficulty in detection. Insiders, by virtue of their authorized access, can operate under the radar, making malicious activities hard to distinguish from regular workflows. This challenge is compounded by the

Mitigating Insider Threats Through Socio-Technical Systems Theory: A People, Process, and Technology Approach Read More »

Pentesting and artificial intelligence (AI): attack is sometimes the best defense

The increasing adoption of AI and GenAI (or Generative AI) applications within organizations exposes them to new vulnerabilities and cybersecurity risks. The use of LLM embedded platforms redefines the scope of audit methods and ushers a new era in pentesting. Pentesting: a weapon of mass prevention in cybersecurity Pentesting (or “Pentest”) is short for “Penetration

Pentesting and artificial intelligence (AI): attack is sometimes the best defense Read More »

Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors

Infection chains All four cases used a similar initial access vector consisting of the compromise of a Check Point VPN appliance. Our Incident Responders assess with medium confidence this was managed by the exploitation of CVE-2024-24919, a critical 0-day vulnerability affecting Check Point Security Gateways that have Remote Access VPN or Mobile Access features enabled (link to the

Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors Read More »

SASE explained: how Secure Access Service Edge improves security & performance

What is SASE? A Secure Access Service Edge (SASE) framework merges networking and security functionalities into unified, cloud-based service at the edge of the network. This approach allows organizations to efficiently support a distrubuted workforce, including remote and hybrid users, by seamlessly connecting them to cloud gateways in proximity, rather than rerouting traffic through corporate

SASE explained: how Secure Access Service Edge improves security & performance Read More »

Expert Advice: Achieving NIS2 compliance as an OT leader

What would you say is the biggest challenge OT leaders face when it comes to NIS2 compliance? A.A.: The biggest challenge OT leaders face with NIS2 compliance is securing legacy OT environments without disrupting operations. Unlike IT systems, many OT infrastructures were never designed with cybersecurity in mind. They’re often running on outdated technology with little

Expert Advice: Achieving NIS2 compliance as an OT leader Read More »