Secure forensic archiving protects security evidence from tampering, enabling reliable forensic analysis, compliance validation, and incident response. Evidence can lose value if it is altered, deleted, or improperly stored. Wazuh provides real-time threat detection, log analysis, and alerting across cloud and on-premises environments. When integrated with Shuffle, an open source SOAR platform, organizations can automate […]
Rhadamanthys Stealer is a credential-harvesting malware sold as Malware-as-a-Service (MaaS). It is known for its modular architecture, data-stealing capabilities, and continuous updates driven by criminal marketplaces. Attackers distribute Rhadamanthys stealer via phishing emails, cracked software, malicious ads, and fake installers. The stealer primarily targets Windows endpoints to extract browser passwords, crypto wallets, system metadata, autofill […]
Wazuh architecture is designed to support agentic AI integration through its existing APIs and programmatic interfaces. Julio Casal (Wazuh) recently shared an early preview of this direction, demonstrating how AI agents can interact with Wazuh deployments to automate workflows, coordinate responses, and reduce manual operational overhead. One Example: Automated Log Integration The video above demonstrates […]
The Wazuh Ambassadors program brings together security practitioners who actively support the global Wazuh community. Ambassadors share hands-on knowledge, create educational resources, and help others adopt and maximize the benefits of Wazuh through collaboration and open source engagement. The program empowers ambassadors to promote open source security awareness. Their contributions help bridge the gap between […]
Open source software makes its source code publicly available, allowing anyone to inspect, audit, and improve it. This transparency creates verifiable trust, where security claims can be independently validated by a global community instead of taken on faith. Open source licenses give users full control to understand, customize, and extend the software to meet their […]
Cephalus ransomware surfaced in mid-August 2025 and quickly attracted attention for its stealth and operational precision. The threat actors demonstrate a clear financial motivation and rely on initial access vectors. They exploit weak or exposed Remote Desktop Protocol (RDP) configurations, particularly targeting accounts lacking Multi-Factor Authentication (MFA) protection, to gain unauthorized access. Cephalus ransomware targets […]
A critical severity Remote Code Execution (RCE) vulnerability disclosed as CVE-2025-55182, has been identified affecting the React Server Components (RSC) protocol. This vulnerability is rated CVSS 10.0 and allows unauthenticated attackers to execute arbitrary code on the server via insecure deserialization of malicious HTTP requests. The flaws also affect frameworks and bundlers that use the […]
Automated password rotation helps protect both cloud and on-premises environments from unauthorized access and credential compromise by reducing the risk associated with exposed credentials. Suspicious or unrecognized login attempts may indicate stolen credentials, compromised accounts, or malicious insider activity. By proactively managing credentials and monitoring authentication events, organizations reduce the risk of insider threats while […]
A critical severity Remote Code Execution (RCE) vulnerability affecting Next.js applications that use the App Router has been identified. This vulnerability is rated CVSS 10.0, disclosed as CVE-2025-66478 and allows remote code execution (RCE) when attacker-controlled requests are processed in unpatched environments. It stems from an upstream vulnerability in the React Server Components (RSC) protocol […]
San Jose, California, November 2025 – Wazuh, the leading open-source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solution, announced a partnership with connecT SYSTEMHAUS AG, an owner-managed IT services provider based in Siegen, Germany. The partnership enables connecT to expand its Managed Security Services with Wazuh’s SIEM and XDR capabilities, […]
Another zero-day vulnerability tracked as CVE-2025-13223 has been discovered to affect Google Chrome and Chromium web browsers on Windows, macOS, and Linux endpoints. It follows the earlier disclosure of CVE-2025-4664, which also affects these web browsers. This is a high-severity flaw with a CVSS score of 8.8 reported to be actively exploited in the wild. […]
Funklocker ransomware is a recently observed threat attributed to the FunkSec group, primarily targeting Windows environments. It is known for using AI-assisted code generation to produce new variants, which makes traditional signature-based defenses less effective. Funklocker ransomware uses living-off-the-land (LOTL) techniques by blending malicious activity with legitimate system functions to evade detection. This includes running […]
Snowflake is a fully managed, cloud-native data warehouse designed to handle structured and semi-structured data at massive scale. It separates storage from compute, allowing organizations to independently scale workloads such as data ingestion, analytics, machine learning, and reporting. It is a high-value target for attackers because it often centralizes critical business data such as financial […]
IT Hygiene is the practice of maintaining clean, consistent, and secure endpoint configurations across your infrastructure. Every endpoint in your environment is a potential entry point for attackers. A forgotten user account, an outdated package, a rogue service, or an unapproved browser extension can silently expose your organization to risk. Consistent visibility and control over […]
