What is Cloud Security Posture Management?

Cloud Security Posture Management (CSPM) focuses on managing risks in public cloud infrastructures. CSPM tools help identify and fix misconfigurations in cloud resources (like Amazon EC2 instances) through automation. By leveraging CSPM, organizations operating in public and multicloud environments can minimize the risk of breaches and enhance compliance with regulations ...
Why is Cloud Security Audit Important for Businesses?

Cloud security audit is essential to protect cloud-hosted applications and data from unauthorized access and theft. While cloud providers offer businesses the advantage of hosting apps and data with ease, this flexibility comes with security risks. A breach in cloud security can lead to significant financial and reputational damage, requiring ...
Next.js Vulnerability Exposes Middleware Security Gaps

Cyber Security
On March 21, 2025, a critical authorization bypass vulnerability in Next.js, identified as CVE-2025-29927, was disclosed with a CVSS score of 9.1. This framework’s middleware handling flaw enables attackers to bypass authentication and authorization, exposing sensitive routes to unauthorized access. Exploiting this vulnerability does not require authentication, providing attackers with ...
Cyber Crisis Management Plan: Shield for Brand Reputation

Despite advances in security technology, cybersecurity attacks and data breaches are increasingly common as attackers keep discovering new vulnerabilities and infiltration methods. Organizations now understand that a cyberattack or data breach is often inevitable—it’s typically a question of when, not if. The positive side is that cybersecurity crisis management plans ...
89% of Enterprises GenAI Usage Is Untracked, Posing Security Risks

Cloud Security
Generative AI (GenAI) has emerged as a powerful tool for enterprises. However, a recent report by LayerX revealed a startling statistic: 89% of enterprise GenAI usage is invisible to organizations, exposing them to critical security risks. This blog delves into the report’s findings, its implications for data security, and the ...
Top 10 Non-Human Identities Risks by OWASP

The Open Worldwide Application Security Project (OWASP) has just unveiled its Top 10 Non-Human Identities (NHI) Risks for 2025. While OWASP has long provided resources on application and API security, none have specifically addressed the unique challenges associated with NHIs. This new document bridges that gap, highlighting critical yet often ...
Best Cloud Pentesting Tool in 2025: Azure, AWS, GCP

Cloud pentesting involves manually or automatically exploiting vulnerabilities detected by a security expert or vulnerability scanner, simulating real-world hacker tactics to uncover weaknesses. By identifying these vulnerabilities, cloud providers and customers can strengthen data security and mitigate risks, preventing incidents like the February 2024 23andMe breach, which exposed the private ...
Best Vulnerability Scanning Tool in 2025: AutoSecT

Cyber Security
In the constantly evolving world of cybersecurity, hackers continuously seek out vulnerabilities, exploit misconfigurations, and attempt to breach IT infrastructures. To counter these threats, vulnerability scanning tools serve as a crucial management solution, offering automated assessments and authenticated security scans across various systems, from endpoint devices to web applications. Vulnerability ...
What is Red Teaming?

VAPT
Red teaming is like staging a realistic rehearsal for a potential cyber attack to check an organization’s security resilience before weaknesses become actual problems. The exercise has three key phases: getting inside the system, maintaining a presence undetected, and acting to achieve the team's goals. The job is to test an ...
Role of AutoSecT in API Pentesting

Cyber Security
APIs (Application Programming Interfaces) have become the backbone of modern software, enabling seamless communication between applications and services with efficiency and simplicity. As APIs play an increasingly vital role in today’s digital ecosystem, ensuring their security is more critical than ever. A key aspect of the Software Development Life Cycle ...