Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When I read Eyal’s blog, Why FWaaS is the Only Way Out of Endless Appliance Patching, I imagined a time in the immediate now (oxymoron intended); a time where the word “patching” is as quaint as rotary phones. In my mind, I was Marty McFly, jumping out of the DeLorean, shocked to discover that in the year 2025, we’re still patching appliance boxes. But here’s the kicker: everything has changed. Except the way we think about patching.

Erlang/OTP ships with an SSH daemon that many telecom, IoT, Elixir/Phoenix, RabbitMQ and CouchDB deployments leave running for convenience. A flaw in how that daemon parses pre-authentication SSH protocol messages enables an attacker to break out of the key-exchange state machine and open an arbitrary channel before credentials are verified.

At first, hearing this common refrain from security leaders comes as a shock. But if you know about the limitations of legacy data loss prevention (DLP) solutions, this statement makes perfect sense. Legacy DLP can leave security teams with the assumption that they have full control over their data risk profile and vectors. In reality, blind spots can occur in any security configuration.

Last week, one of the biggest concerns in the cybersecurity industry created a crisis that was avoided at the last minute. On April 16th, 2025, the MITRE Corporation announced: “The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire.” Official letter from MITRE Corp announcing the implications and expiration of the CVE Program.

In today's fast-paced world of digital transformation, APIs serve as the backbone of modern applications, enabling innovation and efficient data sharing. Nevertheless, the rise in API usage has expanded the attack surface, making solid security protocols essential. This post delves into how the partnership between Salt Security and HCL AppScan API Security is transforming API governance, equipping organizations to actively manage API security through thorough discovery and contextual risk assessment.

Kubernetes ingress-nginx has disclosed a cluster of critical vulnerabilities—CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, and CVE-2025-24514—impacting all controller releases prior to v1.11.5 / v1.12.1. The flaws stem from insufficient sanitization of Ingress annotations and admission-webhook inputs, allowing attackers to inject arbitrary NGINX directives into the auto-generated nginx.conf.

Africa has made huge strides in digital transformation in the past few years. For example, over 160 million Africans gained broadband internet access between 2019 and 2022. As the continent embraces digitalization, cybersecurity is becoming an increasingly pressing concern.

The recent Bybit hack, in which bad actors swooped in and made off with $1.5 billion worth of Ethereum, has sent shockwaves through the cryptocurrency industry. As one of the largest digital heists in history, it lays bare the vulnerabilities in crypto exchange security and the persistent threats from sophisticated actors. And yes, Bybit has assured its customers that their funds will be covered; the question is how these incidents happen in the first place.

The Software as a Service (SaaS) industry has seen both great expansion and notable downturns in recent years, with key market shifts redefining the landscape.As companies adapt to the shifting SaaS landscape, SOC 2 Compliance for SaaS has emerged as a key priority—not just as a checkbox for security, but as a signal of trustworthiness and a commitment to protecting customer data in an increasingly cautious market.

The digital age has introduced both immense opportunities and unprecedented challenges for businesses. Data is a powerful asset, yet managing its governance, security, and compliance requires intricate strategies and solutions. Leveraging artificial intelligence (AI) in these areas has become a game-changer in transforming how organizations of all sizes approach their data capabilities.