Malicious Packages: The Silent Threat to Your Codebase

Open-source repositories like npm and PyPI are instrumental in modern software development. They give developers access to countless libraries, accelerating innovation and shortening time-to-market. However, this convenience comes with a hidden cost. Lurking within these essential resources lie malicious packages. Left undetected, they can impact application integrity, compromise sensitive data and undermine organizational trust.

Attackers Abuse Google's AppSheet to Send Phishing Emails

Hackread reports that attackers are abusing Google’s AppSheet platform to send phishing emails. The campaign was spotted by researchers at Raven, who warn that attackers are sending messages that impersonate AppSheet, informing users of phony trademark violations. Notably, the emails are sent from AppSheet’s legitimate infrastructure, making them more likely to bypass security controls and appear legitimate to human recipients.

LevelBlue Managed WAAP Enables Organizations to Solve Day 1 WAAP Implementation Challenges

Deploying Web Application and API Protection (WAAP) systems is crucial for bolstering cybersecurity defenses. Akamai reported 108 billion API attacks over 18 months, underscoring the value of APIs to cybercriminals. Like any new security measure, the initial deployment brings various challenges during the "Day One" process. These Day One challenges should not compromise security effectiveness or disrupt business operations.

Exploitability as the Countdown Clock: Prioritizing Vulnerabilities Before Time Runs Out

In vulnerability management, every scan tells a story. The truth is that only some of those stories matter right now and that the challenge isn’t finding vulnerabilities. It’s knowing which ones are about to cost you. If you’re dealing with hundreds of vulnerabilities per asset, especially if you’ve adopted cloud solutions, you’re not alone. That’s become the norm. But you can’t patch everything, and you shouldn’t even try.

What Is The Best Cloud Storage for Sensitive Data?

Cloud storage can offer us the best protection against data breaches, more privacy online, and a means to protect our photos, videos, and more to ensure we never lose access to our important files. However, due to the many options we have when choosing cloud storage, you may be left wondering which is the best cloud storage for sensitive data, and how these differ from the main cloud storage providers, such as Google or OneDrive.

CVE-2025-26399: Critical Unauthenticated RCE in SolarWinds Web Help Desk Through Second Bypass

On September 23, 2025, SolarWinds released a hotfix for a critical vulnerability impacting Web Help Desk (WHD), tracked as CVE-2025-26399. The vulnerability arises from a deserialization flaw in the AjaxProxy component that could allow a remote unauthenticated threat actor to achieve remote code execution. CVE-2025-26399 is the second bypass of a flaw originally disclosed last year as CVE-2024-28986 within WHD, with the first bypass being CVE-2024-28988.

Zenity and Slalom Partner to Accelerate Secure AI Agent Adoption

Zenity, the leader in securing AI agents everywhere, is officially partnering with Slalom, a global business and technology consulting firm, which made the announcement today. This collaboration is designed to help enterprises safely and confidently adopt AI agents by combining Zenity’s robust security and governance platform with Slalom’s deep expertise in digital transformation and AI implementation.

4 Ways ThreatQ Automates Security to Simplify SecOps

For each of the past four years, ThreatQuotient, a Securonix company, has released one of the industry’s definitive research reports on security automation. During that time, we’ve tracked the evolution of automation adoption by thousands of cybersecurity professionals around the world, including key trends, challenges and strategies for automating security operations.

AWS Cost Optimization: How to Avoid "Cost Creep"

Last quarter, a manufacturing client reached out with a serious AWS cost optimization challenge. Their AWS bill had grown from $22,000 to $38,000 per month over eight months, with no business growth to justify the increase. The CFO was threatening to abandon their cloud initiative entirely. After conducting our comprehensive AWS cost optimization audit, we identified $200,000 in annual waste and eliminated it within one week. Here’s exactly what we found and how we fixed it.

Salt Security Achieves a Perfect "Platinum" Sweep in the 2025 EMA PRISM Report

Receiving recognition from one leading analyst firm is a notable achievement. When two firms acknowledge your leadership, it clearly establishes a consistent pattern of market dominance. Following its designation as an Overall Leader in the KuppingerCole 2025 Leadership Compass for API Security, Salt Security has achieved the highest rating in the 2025 EMA PRISM Report for API Security.