DSPM buyer’s guide: Top 10 data security posture management tools
Data security posture management (DSPM) explained. Data security posture management (DSPM) tools help security teams examine […]
Microsoft previews automatic device isolation in Defender for Endpoint
Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption […]
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories […]
TrapDoor malware campaign puts developer workstations in CISO spotlight
A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, […]
Stop treating AI governance as a review layer. Make it release infrastructure
I’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, […]
Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise
Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new […]
Security experts caution MFA alone can no longer stop threat actors
Cybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing […]
Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic
Anthropic says it and upwards of 50 partners involved in Project Glasswing have uncovered an estimated […]
AI security needs a shift from models to systems, researchers argue
Enterprises cannot secure AI agents by making the underlying models more robust and must instead enforce […]
As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free
As AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security […]