Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

“In 2024, at least 35.5% of all data breaches originated from third-party compromises.” Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Nick Schneider (President & CEO, Arctic Wolf) for this discussion on: SecurityScorecard monitors and scores over 12 million companies worldwide.

If you wouldn’t hand your house keys to a delivery driver, why hand your credentials to AI? In this Principles in Practice video, Anand Srinivas, VP of Product & AI at 1Password, explains a critical rule for secure AI use: Raw credentials should never be shared with large language models. Instead of sharing secrets, use them securely: Don’t send raw credentials over the data channel of a protocol like MCP Use proxies and secure autofill instead of sharing secrets Keep credentials out of prompts, embeddings, and fine-tuning data.

In Episode 5 of Corelight Defenders, I, Richard Bejtlich, engage with Corelight's co-founder and chief scientist, Vern Paxson, to delve into the intricate world of DNS covert channels. We explore how adversaries exploit DNS lookups to silently communicate within tightly controlled enterprise environments. Vern explains various methods attackers may use, from encoding data in seemingly benign domain names to manipulating the timing of requests. Our discussion highlights the challenges of detecting these covert channels, especially in the presence of network monitoring.

The Razorwire Christmas Party 2025 episode compares automation in law and cybersecurity, where junior roles shrink and the talent pipeline starts to break. AI pressure on tier one soc work in 2025 leaves new entrants with debt and fewer real training grounds, raising hard questions about the future of senior expertise.

The 2025 year in review reflects on research that shows daily grind and relentless tasks weigh more on the mind than rare major incidents. Flight deck style design offers a model for soc dashboards in 2025, where each instrument should cut cognitive load instead of drowning analysts in flashing warnings and clutter.

“The best way to compromise a ‘secure organization’ was to go find the things they didn’t know about.” Vulnerability management – within both the enterprise as well as the vendor ecosystem – is largely broken. Join Aleksandr Yampolskiy and HD Moore for this webinar discussing: SecurityScorecard monitors and scores over 12 million companies worldwide.

Safe Remediation is the process of turning validated exposure insights into coordinated, non-disruptive fixes across security controls ensuring teams can reduce risk quickly without breaking production. More specifically, Safe Remediation includes: Validation before enforcement Remediation without downtime Automated, coordinated action across controls Preemptive blocking of attacker infrastructure Safe-by-design automation Safe Remediation ensures that exposures are fixed quickly, automatically, and without operational risk – turning detection into trusted, validated action.