
How a Real Crypto API Exploit Let Users Change Asset Types #CryptoSecurity #CryptoExchange #crypto

A real-world API vulnerability let a user change the asset type in a major crypto exchange—bypassing expected controls. Watch how a simple tweak to API parameters enabled unauthorized trades and exposed critical flaws. Learn why detailed schema validation and input checks are essential for protecting sensitive financial APIs.
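The video does not name the exchange or its endpoint, so the following is an added illustration, not code from the exchange or from the video: a trade-confirmation handler that shallow-merges whatever the client sends over the stored order (so an extra asset_type field wins), beside a hardened version that enforces an explicit field allowlist, type-checks each field, verifies ownership, and takes the asset type only from the server-side order. The order store, field names, users and error policy are all assumptions made for the demo.

```python
"""Added example: strict schema validation for a trade-confirmation endpoint.

Everything here (order store, field names, users) is constructed for the
demo and is not the exchange's actual code or API.
"""
from decimal import Decimal, InvalidOperation

# Constructed server-side order book. The asset an order trades is fixed when
# the order is created; confirmation must never be able to change it.
ORDERS = {
    "ord-1001": {"user": "alice", "asset_type": "BTC", "qty": Decimal("0.5")},
}

# Explicit allowlist of the fields a confirmation request may carry, with the
# JSON type each must have. Anything else is rejected outright.
CONFIRM_SCHEMA = {"order_id": str, "qty": str}


def vulnerable_confirm(user, body):
    """Vulnerable: shallow-merges the request body over the stored order, so an
    unexpected 'asset_type' key in the body silently replaces the real one."""
    order = ORDERS[body["order_id"]]
    return {**order, **body}


def hardened_confirm(user, body):
    """Hardened: reject unknown or missing fields, type-check the known ones,
    verify the caller owns the order, and bind asset_type to the stored order."""
    if not isinstance(body, dict):
        raise ValueError("body must be a JSON object")
    unknown = set(body) - set(CONFIRM_SCHEMA)
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    missing = set(CONFIRM_SCHEMA) - set(body)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    for name, typ in CONFIRM_SCHEMA.items():
        if not isinstance(body[name], typ):
            raise ValueError(f"{name} must be {typ.__name__}")
    order = ORDERS.get(body["order_id"])
    if order is None or order["user"] != user:
        # Same error for "no such order" and "not yours" so ids cannot be
        # enumerated through differing responses.
        raise PermissionError("unknown order")
    try:
        qty = Decimal(body["qty"])
    except InvalidOperation:
        raise ValueError("qty is not a decimal number") from None
    if not qty.is_finite() or qty <= 0 or qty != order["qty"]:
        raise ValueError("qty does not match the order")
    # The client never gets to say what asset is traded.
    return {"order_id": body["order_id"], "user": user,
            "asset_type": order["asset_type"], "qty": qty}
```

The two handlers differ only in what they believe: the vulnerable one treats the request body as the source of truth, the hardened one treats it as untrusted input that may only select a server-side record it is allowed to touch.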

Who Said It Challenge - Cybersecurity Edition with Cato's Chief Security Strategist

Think you can tell cybersecurity heavyweights from sci-fi legends? Etay Maor, Chief Security Strategist at Cato, thought so too, until a quote left him speechless (and slightly heartbroken). Watch on and test your own cyber + pop culture instincts.

What are False Positives?

What are false positives in cybersecurity — and why do they matter? In this video, we break down the concept of false positives: those annoying alerts that cry wolf when there’s no real threat. You’ll learn how they happen, the difference between false positives and false negatives, and the hidden costs they create for security teams. We’ll also walk through real-world examples, explore how false positives impact SOC efficiency, and share practical strategies to reduce them using better configurations, machine learning, and smarter alert triage.
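As an added example that is not from the video, here is the false-positive / false-negative distinction made concrete: a handful of constructed process-creation alerts with analyst ground truth, three versions of one detection rule, and a scorer that counts true positives, false positives and false negatives for each. The naive rule fires on every encoded PowerShell command and drowns the analyst in noise from a management agent; the over-tuned rule excludes that parent process entirely and goes blind to an attacker riding the same path under a user account; the tuned rule excludes only the combination that is actually benign. The alerts, process names and the "sccm_agent.exe" parent are assumptions made for the demo.

```python
"""Added example: scoring a detection rule against labelled alerts to see how
tuning trades false positives for false negatives. All alerts are constructed."""
from fractions import Fraction

# Constructed alerts with analyst labels. A "false positive" only exists
# relative to such a label: the rule fired, the analyst says benign.
ALERTS = [
    {"cmd": "powershell.exe -enc SQBFAFgA", "parent": "sccm_agent.exe", "user": "SYSTEM", "malicious": False},
    {"cmd": "powershell.exe -enc SQBFAFgA", "parent": "sccm_agent.exe", "user": "SYSTEM", "malicious": False},
    {"cmd": "powershell.exe -enc SQBFAFgA", "parent": "sccm_agent.exe", "user": "SYSTEM", "malicious": False},
    {"cmd": "powershell.exe -enc aQBlAHgA", "parent": "winword.exe",    "user": "jdoe",   "malicious": True},
    {"cmd": "powershell.exe -enc aQBlAHgA", "parent": "explorer.exe",   "user": "jdoe",   "malicious": True},
    # Attacker launching through the agent's path, but as an interactive user.
    {"cmd": "powershell.exe -enc aQBlAHgA", "parent": "sccm_agent.exe", "user": "jdoe",   "malicious": True},
    {"cmd": "powershell.exe -File backup.ps1", "parent": "explorer.exe", "user": "jdoe",  "malicious": False},
]


def fires_naive(a):
    """Any encoded command line: catches everything, including the agent's noise."""
    return "-enc" in a["cmd"]


def fires_overtuned(a):
    """Suppress the whole management-agent parent: quiet, but misses the attacker."""
    return "-enc" in a["cmd"] and a["parent"] != "sccm_agent.exe"


def fires_tuned(a):
    """Suppress only the benign combination (agent parent AND SYSTEM context)."""
    return "-enc" in a["cmd"] and not (a["parent"] == "sccm_agent.exe" and a["user"] == "SYSTEM")


def evaluate(rule, alerts):
    """Confusion counts plus exact precision/recall for one rule."""
    tp = sum(1 for a in alerts if rule(a) and a["malicious"])
    fp = sum(1 for a in alerts if rule(a) and not a["malicious"])
    fn = sum(1 for a in alerts if not rule(a) and a["malicious"])
    tn = sum(1 for a in alerts if not rule(a) and not a["malicious"])
    precision = Fraction(tp, tp + fp) if tp + fp else Fraction(0)
    recall = Fraction(tp, tp + fn) if tp + fn else Fraction(0)
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall}


if __name__ == "__main__":
    for name, rule in [("naive", fires_naive), ("overtuned", fires_overtuned), ("tuned", fires_tuned)]:
        print(name, evaluate(rule, ALERTS))
```

The point of scoring all three is that "fewer alerts" is not the goal; the over-tuned rule has the same precision as the tuned one and looks better on the dashboard, yet its one false negative is the alert that mattered. Tuning decisions should be checked against labelled history, not just against alert volume.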

What is an Insider Threat?

Insider threats are one of the most underestimated cybersecurity risks facing organizations today—and they’re coming from the inside. In this video, we break down exactly what insider threats are, the different types (including malicious, negligent, and compromised insiders), and why they’re so hard to detect. You’ll also hear about real-world examples like Edward Snowden and the Capital One breach, and learn how businesses can protect themselves with practical, real-world strategies.

Loyalty Fraud Cost Businesses

Think credit card fraud is the biggest threat to eCommerce? Think again. Loyalty fraud cost businesses $4B in 2024, and most companies didn't see it coming. Why? Because the attack vector isn't obvious. It's credential stuffing and password spraying; poorly managed APIs connecting loyalty platforms to third parties; and no real-time detection when the bad guys cash in points for untraceable gift cards.
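The description names two signals a loyalty platform could watch for in real time: a credential stuffing or spraying run against the login endpoint, and points being cashed out for gift cards shortly after a login from an IP the account has never used. As an added example that is not from the video or any vendor's product, the block below runs both checks over a constructed event stream. Event shape, thresholds and addresses are assumptions made for the demo.

```python
"""Added example: two simple real-time checks for loyalty account takeover.
Event format, thresholds and the sample events are all constructed."""
from collections import defaultdict

# Constructed event stream (ts in seconds). One IP sprays six accounts, gets
# into "dave", and cashes out a gift card two minutes later. "erin" is a
# legitimate user redeeming from an IP she has used before.
EVENTS = [
    {"ts": -1000, "type": "login_ok",   "ip": "198.51.100.2", "user": "erin"},
    {"ts": 0,     "type": "login_fail", "ip": "203.0.113.7",  "user": "alice"},
    {"ts": 5,     "type": "login_fail", "ip": "203.0.113.7",  "user": "bob"},
    {"ts": 12,    "type": "login_ok",   "ip": "198.51.100.2", "user": "erin"},
    {"ts": 18,    "type": "login_fail", "ip": "203.0.113.7",  "user": "carol"},
    {"ts": 25,    "type": "login_fail", "ip": "203.0.113.7",  "user": "dan"},
    {"ts": 33,    "type": "login_fail", "ip": "203.0.113.7",  "user": "eve"},
    {"ts": 41,    "type": "login_fail", "ip": "203.0.113.7",  "user": "frank"},
    {"ts": 60,    "type": "login_ok",   "ip": "203.0.113.7",  "user": "dave"},
    {"ts": 120,   "type": "redeem",     "ip": "203.0.113.7",  "user": "dave", "reward": "gift_card", "points": 50000},
    {"ts": 300,   "type": "redeem",     "ip": "198.51.100.2", "user": "erin", "reward": "gift_card", "points": 2000},
]


def detect_credential_stuffing(events, window_s=300, min_users=5):
    """Return IPs that failed logins against >= min_users distinct accounts
    inside any window_s-second window. Seen from the IP, password spraying
    looks the same (many users, few tries each), so one rule covers both."""
    fails = defaultdict(list)                       # ip -> [(ts, user)]
    for e in events:
        if e["type"] == "login_fail":
            fails[e["ip"]].append((e["ts"], e["user"]))
    flagged = set()
    for ip, rows in fails.items():
        rows.sort()
        lo = 0
        for hi in range(len(rows)):                 # sliding window over time
            while rows[hi][0] - rows[lo][0] > window_s:
                lo += 1
            if len({u for _, u in rows[lo:hi + 1]}) >= min_users:
                flagged.add(ip)
                break
    return flagged


def detect_risky_redemptions(events, max_age_s=600, cashout_rewards=("gift_card",)):
    """Flag a cash-out redemption when the session began with a login from an
    IP the account had never used before and the redemption follows within
    max_age_s seconds. Returns [(user, ip), ...] in event order."""
    seen_ips = defaultdict(set)                     # user -> IPs with a prior login_ok
    fresh_login = {}                                # user -> (ts, ip) of last new-IP login
    risky = []
    for e in sorted(events, key=lambda x: x["ts"]):
        u, ip = e["user"], e["ip"]
        if e["type"] == "login_ok":
            if ip not in seen_ips[u]:
                fresh_login[u] = (e["ts"], ip)
            else:
                fresh_login.pop(u, None)            # known IP: nothing to worry about
            seen_ips[u].add(ip)
        elif e["type"] == "redeem" and e.get("reward") in cashout_rewards:
            login = fresh_login.get(u)
            if login and login[1] == ip and e["ts"] - login[0] <= max_age_s:
                risky.append((u, ip))
    return risky


if __name__ == "__main__":
    print("stuffing sources:", detect_credential_stuffing(EVENTS))
    print("risky redemptions:", detect_risky_redemptions(EVENTS))
```

In production the two signals would be joined (a redemption from an IP that also tripped the stuffing rule deserves a hold, not just an alert), and the "known IP" baseline would come from months of history rather than the events in hand. The structure is the point: the redemption step, where the money leaves, is where the check has to run.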

What We Know About the SonicWall SSLVPN Attacks - The 443 Podcast - Episode 338

This week on the podcast, we discuss recent research into a new zero-day vulnerability in the popular WinRAR utility that is under active exploitation. After that, we round up everything we know about the SonicWall SSLVPN attacks from the last few weeks before ending with a review of a new ChatGPT vulnerability. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

Mend & Cursor: Revolutionizing AI-Generated Code Security | Mend.io

Discover how AI is transforming software development with tools like Cursor IDE and Mend.io. In this video, Alex explains how Cursor’s AI First Code Editor simplifies complex tasks, enabling both experienced and new developers to build sophisticated applications faster than ever. Mend.io takes this transformation a step further by seamlessly integrating SAST and SCA directly into the Cursor IDE. This powerful combination ensures that AI-generated code is secure from the moment it’s written, with Mend.io’s Igenic performing rapid scans without slowing down the development process.

The Key to Building Security Programs That Truly Scale #developer #appsec

Mend.io, formerly known as WhiteSource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development, using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.