Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today, I’m excited to announce CrowdStrike’s agreement to acquire Onum, a leader in real-time telemetry pipeline management that will extend the CrowdStrike Falcon platform’s data advantage. Onum delivers the real-time data architecture to transform data in motion into high-fidelity intelligence, fueling CrowdStrike Falcon Next-Gen SIEM and powering the agentic SOC. This is a pivotal step forward in our mission to stop breaches.

On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the exfiltrated credentials and reconstructed a fuller scope of exposure.

The old phrase “we’re only human, after all” is what cyber-adversaries are relying upon to gain access to intellectual property, data, and credentials. Adversaries prey on the humanity in us to read an unsolicited email, act out of a sense of urgency, or succumb to their scare tactics. We are bombarded with social engineering scams daily. Why do some of us fall victim while others see through veiled attempts at getting us to relinquish something of value?

In a bad dream, you open the closet. You think you know exactly what’s in there: a few SSH keys, a bunch of TLS certificates, and some secrets like API keys locked in what you believe to be a safe place. But pull it all out and suddenly you find yourself face-to-face with stacks of forgotten ciphers, drawers stuffed with expired certificates, and algorithms in use you thought teams had left behind in 2011. And that’s just for one application.

In this episode of Security Matters, host David Puner sits down with Matt Barker, CyberArk’s VP and Global Head of Workload Identity Architecture, for a deep dive into the exploding world of machine identities and the urgent need to rethink how to secure them.

If your organization collects personal information from Canadian residents—whether through e-commerce websites, SaaS applications, or marketing platforms—PIPEDA likely applies to you. The challenge? PIPEDA’s principles-based framework is intentionally broad, making it difficult for organizations to know where they stand. One of the most overlooked areas of compliance is the client-side of web applications, where third-party scripts, pixels, and tag managers quietly handle customer data.

Every audit turns up a few surprises. A missing patch here. A policy that was missing a few key processes. An employee training record that slipped through the cracks. Together all of these gaps tell a story: somewhere, a control isn’t doing what you expect. ‍ In GRC, we give those events names, issues, risks, and exceptions, and the way they connect is what separates a reactive program from a resilient one. ‍

Sr. Technical Content Strategist The LimaCharlie SecOps Cloud Platform, now available on Google Cloud Marketplace, delivers the building blocks enterprise SOCs need to integrate, customize, and manage security operations their way: API-First Architecture- Integrate existing solutions, telemetry sources, and third-party resources to standardize your security stack and centralize control over operations. Modular and Scalable- Deploy only the capabilities you need.

Coralogix is excited to announce a major enhancement to our Unified Threat Intelligence (UTI) capabilities – now with expanded IOC matching beyond IPs. While our earlier focus was primarily on detecting malicious IP addresses, threats have evolved. Attackers now hide behind encrypted traffic, disposable domains, and polymorphic files. To stay ahead, we’ve normalized new critical fields – JA3, JA4, domain, URL, and file hash and integrated them into our UTI engine.

Last night, our automated Aikido Intel system alerted us that potentially malicious code was detected in some packages within the @nx scope, which include packages with as many as ~6 million weekly downloads. The scope and impact of this breach are significant, as the attacker chose to publish the stolen data directly on GitHub, rather than sending it to their own servers. This means that there’s a SIGNIFICANT amount of credentials that are publicly available on GitHub.