Insights

Critical Path Security is excited to announce that Patrick Kelley, our CEO and seasoned cybersecurity expert, will deliver specialized training on leveraging Zeek for advanced cybersecurity monitoring at the upcoming Co-op Cyber Tech conference. The event, a leading technical conference addressing cybersecurity in the cooperative space, is scheduled for June 24 - 26, 2025, in Denver, Colorado. In this highly anticipated session, titled "Zeek: Leveraging ACID and OT Protocols," Patrick will offer practical, hands-on training tailored for critical infrastructure and operational technology (OT) professionals. Participants will gain invaluable insights into effective deployment and use of Zeek for comprehensive network visibility and threat detection across IT and OT environments. Training Highlights Include: Zeek Deployment Best Practices: Optimal sensor placement strategies (external, internal, between network segments). Comprehensive Zeek Management: Mastering Zeek command-line tools and service control (zeekctl). Advanced Scaling Techniques: Distributed Zeek deployment using Docker and Ansible for enhanced performance. OT-Specific Protocol…

SharePoint phishing has become one of the most effective tactics used by attackers to compromise user credentials-and it's working because it looks familiar. If your team uses Microsoft 365, you're likely sharing and receiving SharePoint links regularly. That convenience is exactly what attackers are counting on. Here's the Red Flag: If someone shares a SharePoint document with you, you should not be prompted to log in again-especially if you're already signed in to Office 365 in your browser or desktop apps. If you're already authenticated, you shouldn't have to authenticate again. Phishing campaigns often mimic the Microsoft SharePoint sharing experience. They send a link that looks like a legitimate SharePoint document. But when you click the link, instead of seeing the document, you're redirected to a fake Microsoft login page. It looks real. It uses a Microsoft logo. It even may copy the same fonts and layout. But when you…

June 12, 2025 - Palo Alto Networks has released seven new security advisories detailing critical and medium-severity vulnerabilities affecting several of its core products, including GlobalProtect, PAN-OS, Prisma Access, and Cortex XDR. High-Severity: GlobalProtect for macOS - CVE-2025-4232 The most severe of the disclosed vulnerabilities is an improper wildcard neutralization flaw in GlobalProtect for macOS. Tracked as CVE-2025-4232, this vulnerability affects the application's log collection feature and could allow an authenticated attacker to escalate privileges to root via code injection. Chrome Fixes and Prisma Access Exposure In conjunction with internal updates, Palo Alto also implemented 11 recent Chrome-related security fixes, including a patch for CVE-2025-4233 - a cache vulnerability affecting the Prisma Access Browser. Command Injection Vulnerabilities in PAN-OS Two additional command injection flaws were identified in PAN-OS: CVE-2025-4231: Exploitable through the management web interface by an authenticated administrator with network access, allowing command execution as root. CVE-2025-4230: Exploitable via…

Ivanti and Fortinet have released security updates to resolve over a dozen vulnerabilities across their platforms, including several rated high severity. Ivanti Vulnerabilities Ivanti published an update for Workspace Control (IWC) to address three high-severity vulnerabilities-CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455. These flaws stem from hardcoded encryption keys present in IWC versions 10.19.0.0 and earlier, which could allow authenticated attackers to decrypt stored SQL credentials and environment passwords. Ivanti stated the issues were discovered through its responsible disclosure program and confirmed no active exploitation at the time of disclosure. Fortinet Vulnerabilities Fortinet released 14 security fixes this week, including one high-severity vulnerability and 13 rated medium severity. The critical issue, CVE-2025-31104, is an OS command injection flaw in FortiADC, allowing authenticated users to execute arbitrary code via specially crafted HTTP requests. Other affected products include: FortiOS FortiClientEMS / FortiClient for Windows FortiPAM FortiSRA FortiSASE FortiPortal FortiProxy FortiWeb The medium-severity vulnerabilities could lead…