Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

At CyberArk, the trust and security of our customers are at the heart of everything we do. Today, July 15th, we are addressing the publication of several Common Vulnerabilities and Exposures (CVEs) related to CyberArk Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur Open Source (OSS). We regret the challenges this situation may pose to our customers and reaffirm our commitment to supporting them through the resolution process.

What does it take to stay calm in the face of constant cyber pressure—and why does that mindset matter more than ever? In this episode of Security Matters, host David Puner speaks with Den Jones, founder and CEO of 909Cyber, about his transition from enterprise chief security officer (CSO) to cybersecurity consultant.

Today we’re releasing findings from a statistical sample of over 2 million internet-exposed assets, across on-prem, cloud, APIs, and web apps, discovered and analyzed by the CyCognito platform.

Social media can work both for and against an organization, so it’s worth treating these sites as extensions of your attack surface. CompassDRP’s Social Media integration continuously monitors both corporate and employee profiles across platforms such as Twitter, LinkedIn, and Facebook. It automatically flags unauthorized or impersonating accounts that mimic executive identities or misuse company branding, helping to thwart phishing and fraud campaigns before they gain traction.

Among today's rising cyber threats, Pegasus spyware email has become one of the most famous names among the latest threats. Pegasus is a malware spy tool developed for extensive surveillance but has now been turned into the new wave of scams exerted by cybercriminals, especially through Pegasus spyware scam mails used to extort money from victims, claiming their devices had been hacked.

Embedding security within the Software Development Life Cycle (SDLC) is no longer just a best practice; it’s a full-on necessity. DevSecOps extends the DevOps model by making security a shared responsibility from the earliest stages of development. Today’s enterprises require this kind of integrated approach to streamline workflows from development to deployment.

Kubernetes Network Policies (KNP) are powerful resources that help secure and isolate workloads in a cluster. By defining what traffic is allowed to and from specific pods, KNPs provide the foundation for zero-trust networking and least-privilege access in cloud-native environments. But there’s a problem: KNPs are risky, and applying them without a clear game plan can be potentially disruptive.

AI should be capable of learning, generalizing, or spotting patterns beyond what’s been explicitly coded.

Let’s face it—cybersecurity is no longer a game of building taller walls or thicker locks. The old rules, the ones based on the idea that threats come only from outside, just don’t hold up anymore. In today’s digital world, where employees connect from anywhere, apps live in the cloud, and attackers can sit quietly inside your systems for weeks, trust has become a loaded word.

Cybersecurity professionals encounter two primary categories of denial-of-service threats: traditional denial of service (DoS) and distributed denial of service (DDoS) variants. DoS attacks stem from a single system, while DDoS campaigns leverage multiple machines to overwhelm the target. The fundamental difference? Scale and coordination complexity. Both DoS and DDoS attacks are a type of malicious attempt to disrupt services.