Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As a security leader, you face an inevitable daily reality: a flood of alerts pouring in from dozens of different tools. Risky sign-ins are flagged in Microsoft 365, weak passwords are pinged from a vault audit, and a separate report identifies which employees failed the latest phishing simulation. While all this information is valuable, most leaders are unable to connect these separate data points to paint a clear, cohesive picture of an individual user’s overall risk.

Cybersecurity researchers uncovered what is being called the "mother of all breaches," a colossal dataset containing 16 billion login credentials, including user passwords for Google, Facebook, and Apple. To put that figure in context, the cache represents twice the current human population of the Earth. This event was not the result of a single breach, but likely a compilation of data stolen from multiple breaches over many years.

Domain-name system (DNS)- based cyber attacks are becoming increasingly complex, and AI will only make managing them even more challenging. According to a recent report, Chief Information Security Officers (CISOs) anticipate a tumultuous season of cyber threats, with low confidence in their abilities to defend against them effectively.

Your IT department just sent out its annual reminder to complete security awareness training. Employees dutifully clicked through their training modules, passed a short quiz, and checked off the compliance box for another year. Ask yourself, does this process really give you confidence that your organization is prepared to dispel today’s security threats? Well, the odds aren’t in your favor.

On June 4, Asana identified a bug in its Model Context Protocol (MCP) server and took the server offline to investigate. While the incident was not the result of an external attack, the bug could have exposed data belonging to Asana MCP users to users in other accounts.

Third-party cyber risk management (TPCRM) has emerged as a critical discipline, moving beyond traditional approaches to address the unique and evolving cyber threats posed by vendor relationships. This post explains the core tenets of TPCRM, outlines key requirements for ideal tools, and suggests implementation strategies for this new, important branch of cybersecurity.

Chroma is an open-source vector store–a database designed to allow LLM chatbots to search for relevant information when answering a user’s question–and one of many technologies that have seen adoption grow with the recent AI boom. Like many databases, Chroma can be configured by end users to lack authentication and authorization mechanisms.

How many times have you experienced this scenario at work? A hot new AI tool emerges, promising game-changing productivity and innovative features. You can’t wait to try it out in your own workflow. But what is often your security team’s first instinct? Block it.

Are you confident your vendors can withstand a cyber attack? If not, you should continuously evaluate your third-party security, especially if you’re sharing sensitive customer data across your vendor ecosystem. In this post, we break down the concepts of third-party security and provide an actionable roadmap for effectively strengthening this essential branch of cybersecurity across your organization.

Your vendors are essential partners, but they could also be your organization's biggest hidden security risk. A robust vendor review process is the key to ensuring onboarded vendors align with your cybersecurity standards and don't increase your likelihood of suffering a data breach. This guide outlines everything you need to know to build a structured, repeatable, and scalable vendor security review process.

The explosion of generative artificial intelligence tools is sparking a wave of enthusiasm in workplaces, with employees eagerly embracing new applications to boost productivity and innovation. However, this adoption often leads to a new phenomenon known as shadow AI—the use of artificial intelligence tools within an organization without explicit approval or oversight from IT and security teams. Unsanctioned use of AI creates significant (and often invisible) security blind spots.

Similar to Ollama and llama.cpp, LlamaIndex provides an application layer for connecting your data to LLMs and interacting with it through a chat interface. While LlamaIndex is an open source project like other LLM application frameworks, LlamaIndex is also a company, with a recent Series A, a commercial offering, and a more polished aesthetic than their strictly DIY counterparts.