AI is transforming industries at an unprecedented pace. From generative AI tools revolutionizing creative work to AI assistants reshaping enterprise workflows, one thing is clear: this technology is no longer a nice-to-have; it’s a must-have. But what about DevSecOps - the teams tasked with safeguarding our modern apps and infrastructure and ensuring their reliability?

In today's digital landscape, organizations are increasingly reliant on internet-facing applications to conduct business and engage with customers. However, many organizations are unaware of the full extent of their internet exposure. Can you secure your organization if you do not know which internet-facing applications you own? Not effectively.

On the 18th of November 2024, Palo Alto published advisories disclosing two vulnerabilities affecting the Web Management Interface in PAN-OS. The most critical of these vulnerabilities is CVE-2024-0012 with a severity rating of 9.3. Exploitation of this vulnerability allows a remote, unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges.

Shadow IT refers to the use of information technology systems, devices, software, applications, and services without explicit approval from an organisation's IT department. While it sounds sinister, and has certain implications, it is not always done maliciously or with the intent of breaching security. It encompasses a wide range of digital activities where employees leverage unapproved tools to be more productive or achieve specific goals.

Cursor AI has quickly become the hot AI code editor, rapidly gaining popularity with developers looking to write code faster and more efficiently. But while Cursor accelerates coding, how can devs trust that Gen AI code is secure?

We’re excited to announce our status as a launch partner for Wiz Defend. The new solution from Wiz draws upon the power of Wiz Integration Network (WIN) partners to better detect and respond to cloud threats in real time. We were selected as a launch partner due to our leading workflow orchestration and automation capabilities, which seamlessly connect with Wiz Defend to empower customers and their SOC/Incident Response teams.

Cloud security operates on a different paradigm compared to traditional IT security. For example, it involves multiple contextual layers such as cloud services, containers and Kubernetes that require specialized insights. The challenge is even harder when the organization is affected by compliance requirements, and is compounded by the sheer volume of data that becomes a major concern for any organization. Failing to effectively manage it leads to costly inefficiencies and risks.

With DevSecOps, cybersecurity has become integrated into every phase of the software development lifecycle (SDLC). DevSecOps tools work across development, security, and operations siloes and enable these teams to work collaboratively, ensuring security vulnerabilities are addressed early and efficiently, reducing risks before they reach production.

Product Name: Dynamic Dashboard Vulnerability: Stored XSS Vulnerable Version: >= 3.0.0, < 3.0.1 CVE: CVE-2024-47817 Astra Security researchers identified a vulnerability in LocalAI, an Open-Source OpenAI alternative. The vulnerability, CVE-2024-9900, is a stored Cross-Site Scripting issue affecting the LocalAI v2.21.1 prompts, which allow malicious scripts and payloads to be input.

Product Name: Dynamic Dashboard Vulnerability: Stored XSS Vulnerable Version: >= 3.0.0, < 3.0.1 CVE: CVE-2024-47817 On October 5, 2024, the security researchers from Astra discovered a severe Stored Cross-Site Scripting vulnerability in Dynamic Dashboard’s paragraph widget. The widget, used for text and markdown, has inadequate input sanitization allowing attackers to inject malicious code.