Software Security: Treat Vulnerabilities Like Regular Bugs! #cybersecurity #softwaresecurity

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

EP 10 - A new identity crisis: governance in the AI age

In this episode of Security Matters, host David Puner sits down with Deepak Taneja, co-founder of Zilla Security and General Manager of Identity Governance at CyberArk, to explore why 2025 marks a pivotal moment for identity security. From the explosion of machine identities—now outnumbering human identities 80 to 1—to the convergence of IGA, PAM, and AI-driven automation, Deepak shares insights from his decades-long career at the forefront of identity innovation.

Tackling Technical Debt to Secure and Streamline Federal Networks

In today’s dynamic threat landscape, technical debt isn’t just a budgeting headache—it’s a growing national security risk. According to McKinsey, technical debt consumes up to 20% of engineering and DevOps capacity across large enterprises. For U.S. federal agencies—defense and civilian alike—the cost of carrying outdated, unsupported infrastructure goes far beyond inefficiency.

From Chaos to Clarity: How to Modernize Vulnerability Management

Fragmented tools. Manual data wrangling. Burned-out teams. Sound familiar? In this expert roundtable with Trey Ford (CISO, Bugcrowd) and Jeff Gouge (CISO, Nucleus Security), we break down how today’s security leaders can transform vulnerability management from a chaotic, spreadsheet-driven burden into a unified, automated, and trusted function. Watch to learn.

Smarter API Security Demo: See How Wallarm Protects Modern APIs and Agentic AI

Modern APIs are under constant attack—from botnets to logic abuse to threats targeting Agentic AI. Most security tools lag behind. Wallarm doesn’t. Join us for a live walkthrough of Wallarm’s advanced API security platform. In this session you will see how to instantly discover vulnerable endpoints, protect business-critical flows, and stop API abuse—without slowing down your teams. What you'll learn.

Secrets Scanning: A Critical Practice for Protecting Sensitive Data in Code

With the rise of CI/CD pipelines, cloud-native development, and globally distributed teams, sensitive credentials like API keys, tokens, and database passwords often slip into source code. Sometimes accidentally, sometimes under pressure to deploy fast. This is not a rare mishap. A recent study found that 34% of API security incidents involve sensitive data exposure. And according to Cyble, over 1.5 million.env files containing secrets have been discovered in publicly accessible environments.

API Security Is a Business Problem-Not Just an IT One

APIs are more than technical components—they're business-critical assets. In this powerful moment, Jeremy Dodson lays out why frameworks aren't enough and why companies must treat API security as a core business priority. Security leaders: it’s time to shift your mindset and protect real data flows, not just check boxes.

Outdated Routers: The Hidden Threat to Network Security, FBI Warns

When was the last time you updated your router? If you’re not sure, you’re not alone, and this uncertainty could pose a serious risk to your business. The FBI recently warned that malicious actors are targeting end-of-life (EOL) routers (network devices that manufacturers no longer support or update). These outdated routers are being hijacked by bad actors who use them as a stepping stone into networks, turning them into cybercriminal proxies. The threat is real, and it’s growing.

DeepSeek Deception: Sainbox RAT & Hidden Rootkit Delivery

Netskope Threat Labs has discovered a campaign using fake installers to deliver the Sainbox RAT and Hidden rootkit. During our threat hunting activities, we encountered multiple installers disguised as legitimate software, including WPS Office, Sogou, and DeepSeek. These installers were mainly MSI files that were delivered via phishing websites. Both the phishing pages and installers were in Chinese, indicating that the targets are Chinese speakers.