
When Your $2M Security Detection Fails: Can Your SOC Save You?

Why did all eight detection tools identically fail where the SOC succeeded?

What all these organizations have in common is a balanced investment across the alert lifecycle, which doesn’t neglect their SOC.

This article examines how investing in the SOC is indispensable for organizations that have already allocated significant resources to detection tools. Additionally, a balanced SOC investment is crucial for maximizing the value of their existing detection investments.

Popular Forge library gets fix for signature verification bypass flaw

A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid.

The flaw is tracked as CVE-2025-12816 and received a high severity rating. It arises from the library’s ASN.1 validation mechanism, which allows malformed data to pass checks even when it is cryptographically invalid.

“An interpretation-conflict vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions,” reads the flaw’s description in the National Vulnerability Database (NVD).

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack.

The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, JFrog, Koi Security, ReversingLabs, SafeDep, Socket, Step Security, and Wiz. The trojanized npm packages were uploaded to npm between November 21 and 23, 2025. The attack has impacted popular packages from Zapier, ENS Domains, PostHog, and Postman, among others.

“The campaign introduces a new variant that executes malicious code during the preinstall phase, significantly increasing potential exposure in build and runtime environments,” Wiz researchers Hila Ramati, Merav Bar, Gal Benmocha, and Gili Tikochinski said.

Nvidia confirms October Windows updates cause gaming issues

Nvidia has confirmed that last month’s security updates are causing gaming performance issues on Windows 11 24H2 and Windows 11 25H2 systems.

To address these problems, the American technology company released the GeForce Hotfix Display Driver version 581.94.

“Lower performance may be observed in some games after updating to Windows 11 October 2025 KB5066835 [5561605],” Nvidia said in a support document published earlier this week.

Quantum computers could be powerful enough to decrypt Bitcoin sometime after 2030, CEO of Nvidia’s quantum partner says

“You should have a few good years ahead of you but I wouldn’t hold my Bitcoin,” Peronnin said, laughing. “They need to fork [move to a stronger blockchain] by 2030, basically. Quantum computers will be ready to be a threat a bit later than that,” he said.

Quantum doesn’t just threaten Bitcoin, of course, but all banking encryption. And it is likely that in all these cases companies are developing quantum-resistant tools to upgrade their existing security systems.

Defensive security algorithms are improving, Peronnin said, so it’s not certain when the blockchain will become vulnerable to a quantum attack. But “the threshold for such an event is coming closer to us year by year,” he said.

Cloudflare hit by outage affecting global network services

Cloudflare is investigating an outage affecting its global network services, with users encountering “internal server error” messages when attempting to access affected websites and online platforms.

Cloudflare’s Global Network is a distributed infrastructure of servers and data centers located in over 330 cities across more than 120 countries, providing content delivery, security, and performance optimization services.

It has 449 Tbps global network edge capacity and connects Cloudflare to over 13,000 networks, including every major ISP, cloud provider, and enterprise worldwide.
