SecDevOps: A Practical Guide to the What and the Why

The transition from DevOps to DevSecOps – and now to SecDevOps – signals more than a change in terminology. It underscores that security can no longer be an afterthought in the software development lifecycle. It must lead, setting the tone and structure for everything that follows. Such a shift is what defines SecDevOps. It’s a model where security is the starting point, not the final checkpoint, guiding the conceptual approach and day-to-day operations.

How agentic AI could transform enterprise workflows: Insights from MIT GenAI Lab

The line between human and machine is blurring—and it’s not a question of whether machines can do more, but how far we’re willing to let them go. The frontier lies in tackling the chaos and solving the fragmented processes that slow enterprises: siloed rulebooks, scattered pricing spreadsheets, and manual approvals.

What you need to know about the Krispy Kreme Data Breach

The popular doughnut and coffeehouse chain Krispy Kreme was established in 1937 in Winston-Salem, North Carolina. It has grown over the years and currently operates 1,500 shops and 17,900 points of access in 40 nations. Krispy Kreme has a workforce of more than 22,800 workers worldwide. It recently adopted a digital transformation initiative, which included online ordering modes for better operational efficiency.

Automation and AI in Cybersecurity: $2.22 Million in Savings

In 2024, the average global cost of a data breach reached $4.88 million, up 10% from the previous year and the highest amount to date. These figures, published in the Cost of Data Breach Report 2024, also reveal that companies implementing artificial intelligence and automation in their cybersecurity strategies saved an average of $2.22 million compared to businesses that did not adopt them.

How to Prevent Phishing and Account Takeover from DNS Cache Poisoning in Real Time

For security teams, it’s no great revelation to say that DNS cache poisoning prevention is essential for guarding against attacks using that vector. But it’s easier said than done. While traditional network-layer defenses like DNSSEC reduce poisoning risk, they can’t fully prevent it. Downstream – after redirection – bad actors await, ready to harvest credentials, bypass MFA, and take over accounts.

What Every CISO Needs to Know About HIPAA and Online Tracking Technologies in 2025

In 2025, HIPAA enforcement has expanded beyond internal systems and EHRs to include what happens in users’ browsers. That means even seemingly harmless scripts — like ad pixels or analytics tags — can expose protected health information (PHI).

What To Know About the Aflac Cyber Attack

Aflac, one of the largest American insurance companies, reported that cybercriminals breached its systems on June 20, 2025. Suspicious activity first occurred on Aflac’s U.S. network on June 12, and Aflac initiated its incident response plan to contain the spread of the cyber attack within several hours. At the time of this writing, Aflac’s investigation is still in the early stages, and the insurance giant hasn’t reported on how many of its customers were affected.

Securing the Future of Generative AI: Why Security Can't Keep Pace with Innovation

By James Rees, MD, Razorthorn Security

The artificial intelligence revolution isn’t coming. It’s here and it’s moving faster than anyone predicted. Children now trust ChatGPT more than their parents for information. AI-generated content is becoming indistinguishable from human work. Entire industries are being reshaped by technology that seemed like science fiction just a few years ago.

A 101 Guide to GDPR Vulnerability Assessment

The GDPR has compelled a shift in how companies manage personal data. At the heart of GDPR is the requirement to safeguard customer data from unauthorized access, loss, or alteration. GDPR vulnerability assessment is a basic requirement, whether you’re based in the EU or not. If you process the data of EU residents, this assessment isn’t optional.

Shift Security Left! Integrate Security Early in Your SDLC! #cybersecurity #securityteam

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development – using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.