Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For years, vulnerability management has followed a familiar pattern: discover assets, scan for CVEs, prioritize by severity, and remediate what you can. That model works, at least within the boundaries of systems you own. The problem is that most organizations no longer operate within those boundaries. Federal agencies especially depend on a complex ecosystem of SaaS platforms, software vendors, contractors, and open-source components.

The NIST AI Risk Management Framework is a guide that helps organizations spot and reduce risks in AI systems. This framework was released in January 2023 by the U.S. National Institute of Standards and Technology. The framework is built around four key steps, namely: Govern, Map, Measure, and Manage, and is meant to help teams responsibly use AI. It doesn’t matter which industry you work in or which AI you use; this framework works everywhere.

AI-assisted development helps teams write code faster, but that speed comes with added security risk. As agents generate more code, they can introduce vulnerabilities, insecure dependencies, or exposed secrets, often before a human reviewer ever sees the change. Security teams are left reviewing more code with the same resources, which makes it harder to catch issues early.

Mend.io’s new Docker Hardened Images integration brings DHI intelligence directly into the AppSec workflow, giving a smarter, faster path to container security. Container scanning has a noise problem. Run a standard scan against any production image, and you’ll surface thousands of CVEs.

Security teams are collecting more telemetry across endpoints, cloud workloads, and SaaS platforms, but the cost of bringing that data into the SIEM keeps rising. What used to be a straightforward operational decision has become a central budget challenge. Security teams are not struggling with collecting data, they are struggling with affording to keep it, and when ingestion cost drives visibility decisions, the SOC loses ground.

Staying ahead of sophisticated attackers requires a security platform that evolves at the speed of the threat landscape. Today’s attackers are AI-enabled, increasing the number of attacks and targeting vulnerabilities more quickly than ever. That's why we are excited to announce the Corelight Sensor v.29 release, a significant step forward in our mission to provide critical detections backed by the world's best network evidence.

Patch management is a crucial aspect of IT infrastructure administration, just as Windows Workstation backup. With the right patch management solution, you can enhance your system by testing or installing the latest software updates and patches. Patches are regarded as temporary fixes for existing issues between full-scale software releases. If patch management is effectively performed, you can promptly address vulnerabilities of your system and mitigate any potential threats.

VMware vSphere offers a wide range of storage-related features for virtual machines. In addition to VMware vSAN and Virtual Volumes, VMware I/O filters are effective for VM administration since they unlock advanced features for different scenarios. This blog post explains what VMware I/O filters are, how they work and when to use them. NAKIVO for VMware vSphere Backup Complete data protection for VMware vSphere VMs and instant recovery options. Secure backup targets onsite, offsite and in the cloud.

Cloudflare is accelerating its post-quantum roadmap. We now target 2029 to be fully post-quantum (PQ) secure including, crucially, post-quantum authentication.

Human risk management (HRM) focuses on one of the most persistent cybersecurity vulnerabilities: humans. Social engineering attacks that trick users into taking risky actions are a factor in 98% of cyberattacks not because they are technically complex, but because they manipulate employee behavior. Unlike traditional, one-size-fits-all security awareness training, human risk management focuses on changing employee behavior through monitoring and targeted reinforcement.