Credential stuffing attacks are one of the most persistent and damaging account-based threats facing security teams – and one of the hardest to detect. Most enterprises rely on server-side, post-login detection, which captures only successful login attempts. Failed attempts remain invisible, slowing time-to-detection and increasing the risk of successful account takeovers (ATOs). Why is this such a challenge? The reasons are many, as we’ll explore.
Is your SaaS company struggling to close those big enterprise deals? Chances are, they're asking for SOC 2 compliance – and for good reason! A staggering 82% of enterprises demand SOC 2 compliance from their SaaS vendors to mitigate data breach risks (Cloud Security Alliance, 2023). Without it, you're missing out on massive opportunities!
When evaluating AI agents for your SOC, it's not just about capabilities—it’s about control, oversight, and integration. In this clip, Philippe Tchakovski breaks down the most common mistakes security teams make when adopting AI: from fragile API integrations to missing guardrails and a lack of audit trails. Don’t deploy blindly—understand the risks before automation goes live.
David Weston, Corp Vice President of OS Security at Microsoft, joined us for Defender Fridays! He covered how we protect AI data and models on Windows devices outside of the data center, and how we use AI to find vulnerabilities in Windows.
Hayden Covington, SOC SecOps Lead at Black Hills Information Security, joined us for Defender Fridays to discuss preserving human-centered approaches in modern security operations.
Security isn’t a department. It’s a shared responsibility. To move from reactive to preventive, every product team needs embedded cyber expertise. Ange Ferrari, SVP and CISO at Metro AG, explains how decentralizing security enables scale and forces organizations to treat security as everyone's job, not just IT's. If you want to "shift left" for real, this episode is your playbook.
Did you know 95% of undetectable malware spreads through your browser? From Cross-Site Scripting (XSS) and CSRF to Clickjacking and drive-by downloads—web browser-based attacks are more common and more dangerous than ever. In this video, we break down how these attacks work, what causes them, and what you can do to stay protected—both as a user and a website owner.
API Gateways are a critical first line of defense in securing APIs—but can you rely on them alone? In this video, we break down how API Gateways work, what security features they offer, and why they’re not a complete solution.
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development – using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.