Patrick Kelley to Speak at the 20th Annual API Cybersecurity Conference

Critical Path Security is proud to announce that our CEO, Patrick Kelley, has been selected to speak at the 20th Annual API Cybersecurity Conference for the Oil & Natural Gas Industry, taking place November 11-12, 2025, at The Woodlands Waterway Marriott in The Woodlands, Texas. Patrick will present his session, "Cybersecurity in Crisis: Managing Mental Health in High-Stress Environments," as part of the Addressing the Human Element track. This important discussion will focus on the often-overlooked mental health challenges faced by cybersecurity professionals-especially those tasked with defending critical infrastructure in high-pressure, high-stakes situations. The API Cybersecurity Conference is one of the premier gatherings for cybersecurity leaders in the oil and natural gas industry. Now in its 20th year, the event brings together industry experts, operators, and technology innovators to address the evolving security landscape and share solutions that strengthen resilience across the sector. Session Details: Title: Cybersecurity in Crisis: Managing…

0 Comments

Urgent Security Advisory: CVE-2025-20265 – Critical RCE Vulnerability (CVSS 10.0) in Cisco Secure FMC

Cisco has released a critical security update addressing an unauthenticated remote code execution (RCE) vulnerability-CVE-2025-20265-in its Secure Firewall Management Center (FMC) Software. With the maximum CVSS score of 10.0, this flaw demands immediate attention from network defenders. What's the Threat? This vulnerability resides in the RADIUS subsystem of Cisco Secure FMC, specifically affecting versions 7.0.7 and 7.7.0 when RADIUS authentication is enabled for either the web-based management interface or SSH access. Due to improper input handling during authentication, attackers can inject shell commands via crafted credentials, executed with high privilege on the target system. Why It's Alarming Maximum Severity (CVSS 10.0): Indicates easy exploitability with catastrophic impact. No Privileges Required: The attack requires no prior authentication or user interaction. High Impact on Availability & Integrity: If exploited, attackers gain full control over firewall management. No Workarounds Available: Only timely patching will eliminate this threat. No Known Exploits Yet: Cisco currently…

0 Comments

Measuring Fatigue, CPTD, and Burnout in Cybersecurity: Insights from BSidesAugusta 2025

Understanding the Hidden Threat of Burnout In the high-stakes world of cybersecurity, professionals - particularly those in SOC teams and cyber operations - can face relentless stress. Chronic fatigue, hypervigilance, and compassion fatigue are not just buzzwords - they're realities that quietly undermine team performance, resilience, and well-being. Yet too often, organizations lack the tools to measure or address these pressures effectively. A Practical Solution: The Copenhagen Burnout Inventory At BSidesAugusta 2025, Patrick Kelley, Founder and CEO of Léargas Security and Critical Path Security, will introduce an adapted version of the Copenhagen Burnout Inventory (CBI) tailored for cybersecurity teams. This open-source framework isn't theoretical-it's a usable, validated tool designed specifically for analysts, incident responders, and blue teams working in Managed SOC environments. What You'll Gain from the Session Attending this session provides practical value that organizations can act on immediately: Quantify BurnoutLearn how to measure fatigue, compassion fatigue (CPTD), and…

0 Comments

Guarding the Gateway: Strengthening Cybersecurity Hygiene in CRM Platforms

CRM Security: The Overlooked Risk At Critical Path Security, we're seeing the same dangerous pattern across industries: companies pour money into CRM platforms to power sales and marketing-but don't secure them like they do other business-critical systems. Your CRM isn't "just" a sales tool. It's a vault of customer identities, contact details, purchase history, contracts, and sometimes payment data. That makes it one of the most valuable targets for cybercriminals. When CRM security is overlooked, the consequences can be financial, reputational, and operational. Recent Breaches That Prove the Point Google Salesforce Breach via Vishing (June 2025)ShinyHunters (UNC6040) targeted Google with a voice-phishing campaign against employees with Salesforce access. Staff were tricked into installing a tampered Data Loader app, giving attackers access to SMB contact data. The breach was quickly contained-but it's proof that even the most secure companies can fall to targeted social engineering. Salesforce Integration Misconfigurations (2023)Several companies exposed…

0 Comments