Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! It will only ever go upwards…

Every DevSecOps, cloud security and even AppSec team knows the feeling: scanners flag hundreds – sometimes thousands – of critical issues across your pipelines, environments and apps. But how many of those findings actually matter? How many represent real, immediate risk to applications running in production? The uncomfortable answer? Very few. At ARMO, we’ve seen firsthand how over 60% of security findings are irrelevant hypothetical risks that will never be exploited.

Researchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts. The attacks begin with automated phone calls that instruct users to add a specific phone number to their WhatsApp contacts. The call then ends abruptly. The scammers are doing this to gather potential targets for future attacks. Most people will ignore the calls, but those who do add the number to their contacts will be more likely to fall for additional social engineering attacks.

Cybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code. Yet one of the most persistent and costly security vulnerabilities isn’t technical — it’s human. Employees routinely fall for phishing scams, mishandle sensitive data or unintentionally violate security policies. While most people don’t mean to cause harm, their behavior still introduces significant cyber risk to the organization.

AI is reshaping software development quickly. From boilerplate generation to test automation and refactoring, LLMs like the one behind Cursor are transforming how developers build. But with great power comes a new generation of vulnerabilities. At Mend.io, we’re excited to announce a native integration with Cursor, the IDE taking the dev world by storm.

“CISOs and SOC analysts are fighting the same war, but too often, one’s answering to the board while the other’s drowning in alerts.” Security teams rarely fail because of a lack of skill or commitment. They fail when the coordination layer between the boardroom and the SOC starts to unravel.

Align your AI pipelines with OWASP AI Testing principles using GitGuardian’s identity-based insights to monitor, enforce, and audit secrets and token usage.

We are thrilled to announce that Syteca’s account discovery feature now supports Linux systems, expanding its capabilities to provide comprehensive visibility across hybrid IT environments.

Having spent over two decades navigating the evolving landscape of service provider partnerships, I’ve witnessed firsthand how challenging it can be for providers to maintain profitability and differentiation. Increasingly, relying on legacy vendors feels akin to selling customers a shiny new car equipped with an outdated engine—appealing at first glance but disappointing once in use.

When was the last time you updated your router? If you’re not sure, you’re not alone, and this uncertainty could pose a serious risk to your business. The FBI recently warned that malicious actors are targeting end-of-life (EOL) routers (network devices that manufacturers no longer support or update). These outdated routers are being hijacked by bad actors who use them as a stepping stone into networks, turning them into cybercriminal proxies. The threat is real, and it’s growing.