Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Are Your VM Scans Testing the Entirety of the Network?

Many organizations have a vulnerability management (VM) problem without knowing it. Vulnerability management is a crucial component of any organization’s cybersecurity program and is required by most major compliance standards because of its sink-or-swim impact on network security. One of the biggest issues in VM is that organizations aren’t testing the entirety of their networks. Could yours be among them?

Beware of Fake Cybersecurity Audits: Cybercriminals Use Scams to Breach Corporate Systems

Companies are being warned that malicious hackers are using a novel technique to break into businesses: pretending to offer audits of the company's cybersecurity. With ransomware and other cybersecurity threats high in the minds of many business owners, it is all too easy to imagine how many companies might react positively to an invitation to have the security of their networks tested.

Leveraging Generative AI with DevSecOps for Enhanced Security

AI has made good on its promise to deliver value across industries: 77% of senior business leaders surveyed in late 2024 reported gaining a competitive advantage from AI technologies. While AI tools allow developers to build and ship software more efficiently than ever, they also entail risk, as AI-generated code can contain vulnerabilities just like developer-written code. To enable speed and security, DevSecOps teams can adopt tools to integrate security tasks into developer workflows.

EP 2 - Dispatch From Retail's Frontline: Building Cyber Resilience

In this episode of Security Matters, we dive into the world of retail technology and cybersecurity. Imagine a bustling retail chain during its busiest shopping season, only to be disrupted by a cyberattack. Our guest, Jason James, Chief Information Officer (CIO) at Aptos Retail, shares his insights with host David Puner on how to stay ahead of these threats.

Fake CAPTCHAs, Malicious PDFs, SEO Traps Leveraged for User Manual Searches

On February 12, 2025, Netskope Threat Labs reported a widespread phishing campaign using fake CAPTCHA images via Webflow CDN to trick victims searching for PDF documents on search engines. These PDF files lead to phishing sites designed to pilfer victims’ credit card and personal information. As we hunted for similar phishing campaigns, we discovered many more phishing PDF files with fake CAPTCHAs distributed across multiple domains.

Introducing Sysdig Threat Management: Combating threats in cloud security

Cloud security teams are often faced with an onslaught of noise from their detection tooling, making it nearly impossible to distinguish truly malicious threats from benign behaviors. Many threats will go uninvestigated simply because there aren’t enough analysts for the sheer number of alerts, leaving organizations exposed to potential breaches.

Inline response actions: Streamlining incident response in the cloud

Threat response is a cornerstone of cloud security, but its roots lie in the early days of antivirus software. Back then, responding to threats was fairly linear and straightforward — stop the malicious process, quarantine it, remove or delete if necessary, and move on. However, modern cloud environments have revolutionized how threats operate, making it clear just how much the game has changed.

Phishing Attack Leads to Lateral Movement in Just 48 Minutes

Researchers at ReliaQuest have published a report on a phishing breach in the manufacturing sector that went from initial access to lateral movement in just 48 minutes. The attackers began by swamping users with spam emails, then posed as tech support and offered assistance in stopping the flood of spam. “To gain entry into the organization’s network, the threat actor used social engineering and end-user manipulation,” the researchers write.