Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Penetration testing (aka pentesting or ethical hacking) might sound intense—and honestly, it is—but think of it as your digital stress test. Ethical hackers mimic real cyberattacks on your systems to find weak spots before the bad guys do. The coolest part? Pen tests come in different flavors, each targeting specific risks. So, how do you know when it’s time for a pentest? How often should you schedule them? And which one is right for your business?

Read also: Europol’s largest-ever operation seizes millions in criminal assets, Italian teen arrested for hacking, and more.

AI is revolutionizing our lives in terms of productivity, automation, customer service, and more. AI is becoming so important that organizations increased spending on compute and storage hardware infrastructure for AI deployments by 37% year-over-year in the first half of 2024, reaching $31.8 billion. However, like most technological advances, the good often comes with the bad.

A strong reputation is vital for business success, influencing customer loyalty and spending decisions. When a brand’s reputation is damaged, customers often turn to competitors, which can reduce key metrics like lifetime customer value. Trust is central to a brand’s reputation. Customers expect their personal data to be secure, pricing to be fair, and services to be reliable. However, bot attacks undermine this trust.

In this episode of Trust Issues, host David Puner dives into the recent high-profile cyberattack on the U.S. Treasury Department. Joined by Andy Thompson, CyberArk Labs’ Senior Offensive Research Evangelist, and Joe Garcia, CyberArk’s Principal DevOps Solutions Engineer, they explore the timeline, details and implications of the attack. Discover proactive security recommendations, insights into zero-day vulnerabilities and the broader impact on federal cybersecurity.

DoD, GSA, and NASA recently published a proposed amendment to the Federal Acquisition Regulation (FAR): Controlled Unclassified Information (FAR Case 2017-016) or ‘FAR CUI Rule’. It presents critical updates on managing Controlled Unclassified Information (CUI) in federal contracts, aiming to create a uniform approach across government agencies for handling and protecting sensitive information while addressing gaps in current policies.

On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.

‍Embracing cyber risk management during a time in which the average cost of a data breach nearly surpasses $5 million is not merely a strategic option; it’s an absolute imperative. ‍ This calculated move, however, is not as straightforward as deploying an end-point detection solution, for example, or conducting monthly cybersecurity awareness sessions.

Show your customers and supply chain you can manage application risks with secure coding practices. Assess yours before it’s too late. Box-ticking approach to penetration tests is long gone. We help you identify, analyse and remediate vulnerabilities so you don’t see the same pentest report next time.

Last month, Semgrep announced major changes to its OSS project—strategically timed for a Friday, of course ;) Since 2017, Semgrep has been a cornerstone of the open-source security community, offering a code analysis engine and rule repository alongside its SaaS product. But their recent moves raise the question: what does “open” really mean?