Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security teams today are inundated with findings from a dozen different tools. They’re dealing with everything from scanner alerts to bug bounty reports, often in different dashboards, formats, and workflows. Organizations use, on average, eight tools that generate exposure findings (Seemplicity Year in Review Report), and over 50% of security professionals say managing all that noise is a major challenge (The 2025 Remediation Operations Report).

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A massive breach. Stand by for the phishing…

Researchers believe AI tools are fueling a dramatic 42% surge in the amount of leaked credentials circulating for sale on the dark web. Each year, automated scrapers and human-operated groups comb through dark web forums, paste sites, and underground marketplaces to collect and repackage hundreds of millions of username–password pairs. Many organizations remain unaware of the full scope of these leaks until it’s too late, because breach disclosures are often delayed or incomplete.

Discover how advanced audit logging enhances SSO security and visibility for Jira, Confluence, and Bitbucket. Learn why standard logs fall short and how detailed tracking ensures compliance and faster troubleshooting.

Automated brand impersonation protection has become a baseline requirement for digital security. As phishing operations scale across web domains, mobile app stores, social platforms, and ad networks, attackers are moving faster and operating more broadly than ever before. Traditional defenses – periodic scans, manual takedowns, post-incident analysis – are too slow and too shallow.

Our powerful new search feature vastly expands our existing SIEM functionality.

Vulnerability attacks often exploit gaps in outdated software, weak access controls, and user behavior. From remote login to enterprise VPNs, entry points vary, but risk is constant.

CVE-2024-7348, which was discovered by Noah Misch, is a race condition vulnerability affecting multiple versions of PostgreSQL when using the `pg_dump` utility. An attacker with sufficient privileges can exploit this vulnerability to execute arbitrary SQL commands with the permission of the user, which is typically a superuser, running the dump.

Over 2,200 cyberattacks hit businesses every day. Most exploiting known but unpatched vulnerabilities. These blind spots are why the average cost of a breach has climbed to $4.88 million, impacting not just finances but trust, compliance, and operations. One of the biggest signs you need a penetration test is the presence of undetected vulnerabilities lurking in your systems, despite existing security controls. Pen testing helps uncover these hidden risks before attackers do..

It’s become pretty standard to expect the help of AI with automating tasks, with penetration testing being no exception. As AI-driven tools grow more sophisticated, some have posed the question: could these systems render the traditional human pen tester obsolete entirely? We’ll explore the strengths and limitations of AI when it comes to offensive security and predict the role human red team expertise still has to play in an increasingly automated world.