Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mitigating Attacks Before They Impact Infrastructure: Link11 provides next generation network DDoS protection

Link11, a leading European provider of cloud-based cybersecurity solutions, today announced the launch of its completely rebuilt Layer 3/4 DDoS mitigation solution, designed to address the growing complexity of modern network attacks. Today's DDoS attacks are not just simple volume or protocol attacks anymore. They can originate from compromised devices within trusted and legitimate networks, mimic real traffic, and appear in short, high-intensity bursts that leave little time for manual response.

June Release Rollup: Building Code Analyst, AI Assistant, and More

June's release brings a range of updates across Egnyte's platform, with the most notable addition being the Building Code Analyst, an AI-powered tool that helps AEC teams quickly surface relevant code requirements across jurisdictions. The release also includes Adaptive Block Caching (now generally available), expanded AI Assistant capabilities like agent mode and multi-file spreadsheet analysis, and several mobile improvements across iOS and Android.

CISO Executive Briefing: This Week's Threats, Priorities, Foresight & Execution

Cyber risk remains at an elevated baseline. Ransomware holds at “new normal” highs, state actors exploit supply chains and zero-days, and AI accelerates attacks. Last week’s signals confirm active exploitation of known vulnerabilities and credential/ICS exposure. Winning CISOs reduce attack surface at first principles, assume breach, and enforce continuous validation with measurable business outcomes.

Why Your Asset Counts Are Wrong (And What to Do About It)

If you've ever pulled an asset count from one tool and compared it to another, you've probably noticed they don't match. The discrepancy isn’t minor, either. The difference is likely to be substantial. One scanner says you have 4,200 assets. Your CMDB says 3,800. Your cloud inventory says 1,100. None of them agree, and none of them are right. That's not a data hygiene problem you can solve with a spreadsheet cleanup.

RBAC implementation: building effective role-based access control

Most organizations already run something they call role-based access control, yet permissions keep accumulating through ad hoc approvals and unreversed role transfers. RBAC holds up only when roles are designed from business functions and least privilege, validated against effective access first, and maintained through governance tied to HR-driven lifecycle events. Without that discipline, the model drifts back into access sprawl.

What is CEN/TS 18099? A guide to the injection attack detection standard

For years, the dominant threat against remote identity verification was the presentation attack: someone holding a printed photo up to a camera, wearing a mask, or playing a pre-recorded video on a phone screen. The industry responded with increasingly sophisticated anti-spoofing technology and vision-based detection models, and the standards to test their effectiveness followed. But many of today’s most sophisticated fraudsters don’t bother with the camera at all.

Autonomous AI Accelerates Cyberattacks and Shrinks Response Time

The biggest challenge in cybersecurity is no longer just detecting threats. It's doing so before time runs out. Artificial intelligence is no longer confined to automating isolated tasks within an attack. It is enabling threats to operate as continuous systems that can adapt, coordinate, and evolve in real time, drastically reducing the time security teams have to react. This shift is doing more than simply increasing the volume of offensive activity.

How to Meet EU Cyber Resilience Act (CRA) Requirements

In March 2026, attackers from the TeamPCP group compromised Trivy (CVE-2026-33634) — a widely-deployed open-source vulnerability scanner running in thousands of CI/CD pipelines — and turned it into a credential harvester. SSH keys, Kubernetes secrets, cloud tokens — secrets accessible to any pipeline that ran a compromised version — were exposed. The attacker retained access long enough to exfiltrate newly rotated secrets before the window closed.

Emerging Threat: (CVE-2026-55957) Apache Tomcat Authentication Bypass via JNDIRealm GSSAPI Binds

CVE-2026-55957 is an authentication flaw in Apache Tomcat in which a critical step in authentication is missing. It is present when the JNDIRealm is configured to authenticate binds using GSSAPI. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), based on network attack vector, low attack complexity, no privileges required, and no user interaction.

Why You Should Back Up Your Terraform Configuration Code

SUMMARY
– If you lose your .tf files, your Infrastructure as Code (IaC) stays up, but becomes entirely unmanaged.
– Having a backup saves your team from weeks of manually reverse-engineering code to hit your RTO.
– Your automated deployments rely entirely on the IaC—if the code vanishes, your CI/CD instantly stalls.
– The Git commit history is the exact proof you need to pass strict audits like NIS2, SOC 2, and ISO 27001.
– Setting up a dedicated Terraform backup means you c