CVE-2023-39427: Why CAD Software Vulnerabilities Threaten Indian SMBs
What Happened
In September 2023, CVE-2023-39427 was disclosed: a high-severity vulnerability in Ashlar-Vellum's professional design and CAD software suite, specifically Cobalt, Xenon, Argon, Lithium and Cobalt Share v12 SP0 Build 1204.77 and earlier.
The vulnerability stems from improper input validation when parsing XE (Ashlar-Vellum native) files. When a user opens a specially crafted XE file, the application fails to bounds-check a length value taken from the file before writing the data into memory, producing an out-of-bounds write. An attacker can turn that into arbitrary code execution in the context of the current process, i.e. with the privileges of the logged-in user, which on a typical design workstation means full control of the machine.
What makes this particularly dangerous is the delivery path: XE files are routinely exchanged by email, cloud storage (Google Drive, Dropbox) and collaboration platforms. An attacker doesn't need to break into your network. They send a poisoned CAD file to your design team, and the payload runs the moment someone opens it in a vulnerable build. The one thing the attacker does need is that click (the CVSS vector records this as "user interaction required"), so in practice this is a phishing campaign with a CAD attachment.
NVD rates the vulnerability CVSS v3.1 7.8 (High), vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: a local attack vector because the victim has to open the file, but full impact on confidentiality, integrity and availability once they do. Ashlar-Vellum products are used by engineering firms, architectural studios and product design companies, including in Bangalore's startup ecosystem and the manufacturing hubs of Pune and Ahmedabad.
Why This Matters for Indian Businesses
Let me be direct: if your organization runs an unpatched build of Ashlar-Vellum software, you're exposed right now.
Here's why this is critical for Indian SMBs specifically:
Regulatory Exposure
Under the Digital Personal Data Protection (DPDP) Act, 2023, if personal data is breached because of unpatched software, your organization could face:
- Penalties of up to ₹250 crore for failing to take reasonable security safeguards to prevent a personal data breach
- Mandatory notification of the Data Protection Board and of each affected individual
Separately, CERT-In's directions of April 2022 (issued under Section 70B of the IT Act) require cyber incidents, including unauthorised access to systems or data, to be reported to CERT-In within 6 hours of being noticed. That duty applies whether or not personal data was involved, so stolen design files trigger CERT-In reporting even where the DPDP Act does not apply.
Real-World Impact for Indian Firms
In my years building enterprise systems, I've seen this pattern repeatedly: SMBs assume their specialized software is "too niche" to be targeted. That's a dangerous misconception. CAD software is actually a high-value target because:
- Design files = IP theft: a competitor or broker who obtains your product designs may get more value from them than from your customer records
- Supply chain leverage: manufacturing firms using Ashlar-Vellum are often part of larger supply chains, and a compromised workstation can be used as a pivot point to attack your customers
- Ransomware staging ground: attackers often use initial access (like this vulnerability) to establish persistence and harvest credentials, then deploy ransomware weeks or months later
The CERT-In Angle
CERT-In (Indian Computer Emergency Response Team) has been increasingly strict about unpatched critical vulnerabilities. If you're a critical infrastructure vendor or work with government bodies, you're under heightened scrutiny. Even for commercial SMBs, the 6-hour reporting window in CERT-In's 2022 directions means you need detection and response capabilities in place before an incident happens: you cannot report within 6 hours what you cannot see.
Attack Flow: How CVE-2023-39427 Works
Let me walk you through the technical mechanics:
```mermaid
graph TD
    A["Attacker crafts malicious XE file"] -->|embeds shellcode| B["File sent via email/cloud"]
    B -->|user downloads| C["Employee opens XE in Ashlar-Vellum"]
    C -->|parser reads file| D["Improper bounds checking<br/>on user data"]
    D -->|out-of-bounds write| E["Memory corruption<br/>overwrites heap/stack"]
    E -->|attacker controls| F["Code execution with<br/>user privileges"]
    F -->|lateral movement| G["Access to network,<br/>credentials, designs"]
    G -->|exfiltration| H["IP theft / Ransomware<br/>deployment"]
```
Technical Breakdown
The Vulnerability in Detail
Root Cause: The XE file parser in Ashlar-Vellum v12 SP0 doesn't validate a length field read from the file before copying that many bytes into a fixed-size buffer. (The public advisory says only "out-of-bounds write"; whether the buffer lives on the stack or the heap is not stated, and the pattern is the same either way.)
Here's a simplified illustration of what's happening at the code level (an illustrative pattern, not Ashlar-Vellum's source):
```c
// Vulnerable code pattern (simplified)
#include <stdio.h>
static int read_header_size(FILE *file) {     // length field as stored in the file
    int size = 0; fread(&size, sizeof size, 1, file); return size;
}
static void process_buffer(const char *buffer) { (void)buffer; }  // stand-in for the real parser
void parse_xe_header(FILE *file) {
    char buffer[256];                          // fixed-size buffer
    int size = read_header_size(file);         // user-controlled value from the file
    // BUG: no validation that 0 <= size <= 256 (a negative size becomes a huge size_t)
    fread(buffer, 1, (size_t)size, file);      // out-of-bounds write if size > 256
    process_buffer(buffer);
}
```
If an attacker sets size = 1024 in the malicious XE file, the fread() call will write up to 1024 bytes into a 256-byte buffer, overflowing adjacent memory.
Exploitation Path
The advisory does not publish the object that gets corrupted or the technique used, so what follows is the generic path for a heap out-of-bounds write of this kind:
- Heap grooming: the attacker shapes the heap (for example through earlier allocations the file format lets them control) so that a useful object, such as one holding a function pointer or a vtable pointer, sits immediately after the undersized buffer
- Overflow: the oversized length field triggers the out-of-bounds write, which overwrites that pointer with attacker-chosen bytes
- Redirect execution: when the corrupted object is next used, execution jumps to an attacker-chosen address, typically the start of a ROP (Return-Oriented Programming) chain built from gadgets in the application's loaded modules, since DEP/NX stops the heap itself from being executed directly
- Shellcode execution: the final payload runs with the privileges of the Ashlar-Vellum process, i.e. the logged-in user, which gives the attacker:
  - Access to all files the user can access
  - The ability to install malware, keyloggers or backdoors
  - A foothold to move laterally to network shares, databases or cloud storage
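To make the two steps concrete, here is an added example written for this article (it is not code from Ashlar-Vellum or from the CVE advisory) that models the overflow in C. It assumes a constructed XE-like header (4-byte magic "XEDM", 4-byte little-endian length, then data), a 32-byte destination buffer and a pretend function-pointer slot stored right after it; the real XE layout, buffer size and neighbouring object are not public, so all three are demo assumptions. The vulnerable parser trusts the length field exactly as the snippet above does, and a file that declares 40 bytes of data overwrites the slot with 0x41 bytes; the hardened parser rejects the same file before copying anything.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed XE-like layout for this demo only (NOT the real Ashlar-Vellum
 * format): 4-byte magic "XEDM", 4-byte little-endian data length, then data. */
#define MAGIC      "XEDM"
#define HEADER_LEN 8
#define BUF_SZ     32u                 /* fixed-size destination buffer (assumed) */
#define SLOT_SZ    sizeof(uint64_t)    /* "function pointer" stored right after it */
#define PTR_INTACT 0x1122334455667788ULL

/* Model of one heap chunk: the buffer plus the next object's pointer slot.
 * Keeping both in one array keeps the demo free of undefined behaviour;
 * a real parser keeps writing into whatever object happens to follow. */
typedef struct { unsigned char region[BUF_SZ + SLOT_SZ]; } heap_model;

static void model_init(heap_model *h) {
    uint64_t p = PTR_INTACT;
    memset(h->region, 0, sizeof h->region);
    memcpy(h->region + BUF_SZ, &p, sizeof p);
}

static uint64_t model_slot(const heap_model *h) {
    uint64_t p;
    memcpy(&p, h->region + BUF_SZ, sizeof p);
    return p;
}

static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The CVE's pattern: the length field is trusted. Like fread, the copy is
 * bounded by what the file holds, not by the buffer. Returns bytes copied. */
int parse_vulnerable(heap_model *h, const unsigned char *file, size_t file_len) {
    if (file_len < HEADER_LEN || memcmp(file, MAGIC, 4) != 0) return -1;
    size_t n = le32(file + 4);
    if (n > file_len - HEADER_LEN) n = file_len - HEADER_LEN;
    if (n > sizeof h->region) n = sizeof h->region;  /* demo-only clamp, see struct comment */
    memcpy(h->region, file + HEADER_LEN, n);         /* overflows BUF_SZ into the slot */
    return (int)n;
}

/* Hardened: the declared length is checked against the buffer and the file. */
int parse_hardened(heap_model *h, const unsigned char *file, size_t file_len) {
    if (file_len < HEADER_LEN || memcmp(file, MAGIC, 4) != 0) return -1;
    size_t n = le32(file + 4);
    if (n > BUF_SZ) return -2;                 /* declared length exceeds the buffer */
    if (n > file_len - HEADER_LEN) return -3;  /* truncated file */
    memcpy(h->region, file + HEADER_LEN, n);
    return (int)n;
}

/* Build a constructed file whose length field declares data_len bytes of `fill`. */
size_t build_file(unsigned char *out, size_t cap, uint32_t data_len, unsigned char fill) {
    if (cap < HEADER_LEN + (size_t)data_len) return 0;
    memcpy(out, MAGIC, 4);
    out[4] = (unsigned char)data_len;         out[5] = (unsigned char)(data_len >> 8);
    out[6] = (unsigned char)(data_len >> 16); out[7] = (unsigned char)(data_len >> 24);
    memset(out + HEADER_LEN, fill, data_len);
    return HEADER_LEN + data_len;
}

/* Parse a file declaring data_len bytes and return the pointer slot afterwards;
 * use_hardened selects the parser, rc (if non-NULL) receives its return code. */
uint64_t slot_after_parse(uint32_t data_len, int use_hardened, int *rc) {
    unsigned char file[HEADER_LEN + 256];
    heap_model h;
    size_t len = build_file(file, sizeof file, data_len, 0x41);
    model_init(&h);
    int r = use_hardened ? parse_hardened(&h, file, len) : parse_vulnerable(&h, file, len);
    if (rc) *rc = r;
    return model_slot(&h);
}

int rc_after_parse(uint32_t data_len, int use_hardened) {
    int r;
    slot_after_parse(data_len, use_hardened, &r);
    return r;
}

int main(void) {
    int rc;
    uint64_t slot = slot_after_parse(BUF_SZ + (uint32_t)SLOT_SZ, 0, &rc);
    printf("vulnerable: rc=%d slot=0x%016llx\n", rc, (unsigned long long)slot);
    slot = slot_after_parse(BUF_SZ + (uint32_t)SLOT_SZ, 1, &rc);
    printf("hardened:   rc=%d slot=0x%016llx\n", rc, (unsigned long long)slot);
    return 0;
}
```

The demo clamps the copy to the modelled region only so that it runs without undefined behaviour; the fix is the single comparison against BUF_SZ in parse_hardened, which is exactly the check the vulnerable parser in Ashlar-Vellum v12 SP0 was missing.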
How to Protect Your Business
Immediate Actions (This Week)
1. Identify Affected Systems
Run these PowerShell commands on Windows machines to find Ashlar-Vellum installations and their versions; anything reporting v12 SP0 Build 1204.77 or lower needs patching:
```powershell
# Find Ashlar-Vellum installations
Get-ChildItem -Path "C:\Program Files*" -Filter "*Ashlar*" -Recurse -ErrorAction SilentlyContinue | Select-Object FullName
# Check installed version (64-bit and 32-bit uninstall keys)
$keys = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*",
        "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
Get-ItemProperty $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match "Ashlar|Cobalt|Xenon|Argon|Lithium" } |
    Select-Object DisplayName, DisplayVersion
```
On macOS (Ashlar-Vellum ships Windows and macOS builds; there is no Linux version):
```bash
# Find Ashlar-Vellum applications and running processes on macOS
ls /Applications | grep -iE 'ashlar|cobalt|xenon|argon|lithium'
ps aux | grep -iE 'ashlar|cobalt|xenon|argon|lithium' | grep -v grep
```
2. Patch Immediately
Ashlar-Vellum has released patched versions:
- Cobalt, Xenon, Argon, Lithium: Update to v12 SP1 or later (confirm the build number against the vendor's release notes)
- Cobalt Share: Update to the latest available build
3. Disable XE File Opening (Temporary)
If you can't patch immediately, clear the .xe file association so that double-clicking an attachment no longer launches the vulnerable parser:
```cmd
:: On Windows, from an elevated command prompt: delete the .xe association
assoc .xe=
```
Treat this as a speed bump rather than a control: the application can still open the file through File > Open or drag-and-drop, and the installer will restore the association on repair or update. The Linux step you may see elsewhere does not apply, because Ashlar-Vellum does not ship a Linux build.
Medium-Term Mitigations (This Month)
4. Email Gateway Controls
Block XE files at your email gateway:
```powershell
# Example: Block .xe attachments in Microsoft 365 (Exchange Online PowerShell)
New-TransportRule -Name "Block XE Files" -AttachmentExtensionMatchesWords @("xe") -RejectMessageEnhancedStatusCode "5.7.1" -RejectMessageReasonText "XE files are not permitted due to security vulnerability CVE-2023-39427"
```
Attackers routinely wrap attachments in a .zip or send a cloud-storage link instead, so pair this rule with archive inspection and tell the design team to treat shared links to CAD files with the same suspicion as attachments.
5. User Awareness Training
Briefing for your design and engineering teams:
- Don't open XE files from untrusted sources
- If you receive an unexpected XE file (even from a "known" contact), verify via phone call first
- Report suspicious files to IT immediately
6. Monitor File Activity
If you're on Windows with endpoint detection, monitor for suspicious XE file operations:
```powershell
# Enable file-system auditing on Windows; events (4663) are only generated for
# folders that also carry an audit entry (SACL), so set one on your design shares
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable
# Look for XE files dropped in temp directories (where mail clients and browsers extract attachments)
Get-ChildItem -Path "C:\Users\*\AppData\Local\Temp" -Filter "*.xe" -Recurse -ErrorAction SilentlyContinue
```
A more useful signal than file access alone is the Ashlar-Vellum process spawning cmd.exe, powershell.exe or anything else it has no business starting; most EDR products can alert on that parent-child relationship.
Long-Term Security Posture
7. Principle of Least Privilege
Ensure design team members don't have admin rights. If Ashlar-Vellum is compromised, the attacker is limited to user-level access and has to find a separate privilege-escalation bug to go further.
8. Network Segmentation
Isolate your CAD workstations from sensitive systems:
- Design workstations should not have direct access to financial systems, HR databases, or customer data
- Use a separate VLAN for design/engineering
9. Regular Patching Cadence
This won't be the last vulnerability in CAD software. Put Ashlar-Vellum on the same monthly patching schedule as your operating systems, and check the vendor's release page as part of it. A crude reminder script:
```bash
#!/bin/bash
# Monthly check of the vendor download page for new releases. This only scrapes
# the page text; confirm the build number against the release notes before deploying.
echo "Checking for Ashlar-Vellum updates..."
curl -s https://www.ashlar.com/downloads/ | grep -iE "version|release" | head -5
```
How Bachao.AI Would Have Prevented This
When I was architecting security for large enterprises, we had a saying: "Detection beats prevention, but prevention beats everything." This vulnerability is a perfect example of why comprehensive security scanning matters.
Here's how Bachao.AI's platform would protect your organization:
1. VAPT Scan ✓
How it helps: Our vulnerability assessment would identify outdated Ashlar-Vellum installations across your network.
- Detection: Automated scan flags v12 SP0 installations as critical
- Cost: Free tier covers basic inventory; comprehensive VAPT at ₹1,999
- Time to detect: Scan completes in 15-30 minutes
- Real value: You'd know about this vulnerability before a malicious XE file arrived in your inbox
2. API Security ✓
How it helps: If your organization has custom integrations that process XE files (e.g., automated design review systems), our API security scanning would catch unsafe file handling:
```python
# Example: unsafe file processing that Bachao.AI would flag
import os
from flask import Flask, request
from werkzeug.utils import secure_filename

app = Flask(__name__)
UPLOAD_DIR = '/designs'

@app.route('/upload-design', methods=['POST'])
def upload_design():
    file = request.files['design']
    # VULNERABLE: no file type validation, and the client-chosen name is used as-is,
    # so a name like "../../etc/cron.d/job" escapes the upload directory
    file.save(f'{UPLOAD_DIR}/{file.filename}')  # Bachao.AI flags this
    return 'Uploaded'

# SECURE version (separate route so both handlers can live in one app)
@app.route('/upload-design-secure', methods=['POST'])
def upload_design_secure():
    file = request.files['design']
    # Strip path components and odd characters from the client-supplied name
    name = secure_filename(file.filename or '')
    # Allow-list the extension (XE only here; add the other formats your pipeline handles)
    if not name.lower().endswith('.xe'):
        return 'Invalid file type', 400
    # Check the header signature; b'XE00' is a placeholder, substitute the real XE signature
    header = file.stream.read(4)
    file.stream.seek(0)
    if header != b'XE00':
        return 'Invalid XE file', 400
    file.save(os.path.join(UPLOAD_DIR, name))
    return 'Uploaded'
```
One caveat: the signature check stops renamed or junk uploads, but a file built to exploit CVE-2023-39427 is a well-formed XE file and passes it. Validation at the upload layer shrinks the attack surface; it does not replace patching the parser that eventually opens the file.
3. Dark Web Monitoring ✓
How it helps: If this vulnerability is being actively exploited, we'd see:
- Exploit code being shared on hacker forums
- Stolen design files being offered for sale
- Your domain/company name mentioned in breach databases
- Detection window: 24-48 hours of a new exploit appearing
- Cost: Included in comprehensive security packages
4. Incident Response ✓
How it helps: If a compromise occurs despite preventive measures:
- 24/7 breach response team on standby
- CERT-In notification filed within the mandatory 6-hour window
- Evidence preservation for forensics and legal proceedings
- Lateral movement detection to identify what else the attacker accessed
- Cost: ₹49,999 for incident response engagement
5. Security Training ✓
How it helps: Your team is your first line of defense:
- Phishing simulations with malicious file attachments
- Custom training on CAD file security
- Incident response drills to test your team's awareness
- Cost: ₹15,000 for quarterly awareness program
The Bottom Line
CVE-2023-39427 is a reminder that specialized software is not immune to critical vulnerabilities. In fact, because CAD software is often overlooked in security planning, it becomes a high-value target for attackers.
For Indian SMBs, the stakes are particularly high:
- Regulatory: DPDP Act penalties are real and substantial
- Competitive: Your designs are your most valuable asset
- Operational: A ransomware attack triggered by this vulnerability could halt your entire business
This is exactly why I built Bachao.AI—to make enterprise-grade security accessible to SMBs who don't have a dedicated security team. You shouldn't need a 10-person security operations center to stay protected.
Book your free VAPT scan today to identify vulnerabilities like this across your entire infrastructure. We'll map your exposure and give you a prioritized remediation plan—no sales pitch, just actionable security intelligence.
Source: NIST NVD entry for CVE-2023-39427. This article was written by the Bachao.AI research team. We analyze cybersecurity incidents daily to help Indian businesses stay protected. Have questions about your security posture? Schedule a free 30-minute consultation with our team.
Written by Shouvik Mukherjee, Founder & CEO of Bachao.AI. Follow me on LinkedIn for daily cybersecurity insights for Indian businesses.