CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

These 26-Year-Old Founders Quit DHS And Built A $200 Million AI Cyber Startup

AI is writing more code than humans—and much of it isn’t secure. Corridor’s founders think they’ve found a way to catch the mistakes before attackers do.
The Hacker News

Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels

CSMA links siloed security tools into attack paths to crown jewels, exposing hidden risks and enabling faster remediation.