Recent Posts
Not a Good Look, AI: What Happens to Privacy When Glasses Get Smart?
They look just like a regular pair of Ray-Bans. But behind the dark lenses? Cameras. Microphones. AI-powered assistants. All quietly recording, analysing, and storing data, sometimes even in real time. And unless you’ve signed up for a starring role in someone else’s life capture experiment, you probably …
Welcome New Member – Amna Almadhoob from Bahrain

Please welcome our newest member from Bahrain, Amna Almadhoob
As a leader in the cybersecurity field, specializing in the financial industry, Amna brings extensive experience in defining strategic direction to secure operations, assets, and products against evolving threats.
She has a proven track record in building and maturing cybersecurity functions, leading teams, and supporting business operations. Recently, Amna began teaching at the university level, where she inspires the next generation of tech and cyber professionals.
Beyond the workplace, Amna actively collaborates with community institutions to run awareness workshops for the wider public, with a special focus on children.
It’s good to have you, Amna! We look forward to the expertise you bring and to enabling you here at CyAN. Don’t hesitate to reach out to Amna or explore her profile to grow your networks mutually.
The Human Factor in OT Security Incidents: Understanding Insider Threats and Social Engineering in Critical Infrastructure by Rupesh Shirke
Introduction The human factor is an essential but overlooked security component in Operational Technology (OT) systems within critical infrastructure. However, although many technological defenses have improved, insider threats and social engineering remain serious due to inherent human activity and organizational culture vulnerabilities. Operators of OT …
Used, Not Consulted: When AI Trains on Our Work Without Consent
CyAN Context At CyAN, we often talk about trust, governance, and transparency as pillars of a secure digital future. But what happens when those principles are ignored, not in a breach or a ransomware attack, but in the slow, quiet erosion of creator rights? As a cybersecurity professional …
Week 20 – Critical elevation of privilege vulnerability in Azure DevOps

12 – 18 May 2025
A critical elevation of privilege vulnerability has been found in Azure DevOps, published on May 8, 2025, and updated with more details 2 days later on May 10, 2025. It has a CVSS score of 10.0!
It’s not often that a truly critical vulnerability is discovered that reaches the maximum severity rating of 10 on the Common Vulnerability Scoring System. This is one such case.
Microsoft confirmed that this Azure DevOps pipeline token hijacking vulnerability is caused by an issue whereby Visual Studio improperly handles the pipeline job tokens, enabling an attacker to potentially extend their access to a project. According to the company’s official communication:
To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one.
To be fair, CVE-2025-29813 is just one of a number of critical vulnerabilities affecting core cloud services that the tech giant has confirmed this week. The good news is that none of them are known to have been exploited in the wild, none have been publicly disclosed, and there’s nothing you can do as a user to protect your environment.
“This vulnerability has already been fully mitigated by Microsoft,” they say, so there’s no need to worry; we can sleep soundly.
You can find more information and details on the subject at the link below:
https://www.forbes.com/sites/daveywinder/2025/05/11/microsoft-confirms-critical-1010-cloud-security-vulnerability/

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.
Special Feature – 10th Anniversary
Welcome New Member – Samira Marquaille from France
Please welcome our newest member from France, Samira Marquaille. Samira Marquaille is an IT Project Manager with more than 20 years of experience across both public and private sectors, with a strong focus on data privacy. She is skilled at uniting teams and fostering collaboration …