CrowdStrike Researchers Investigate the Threat of Patchless AMSI Bypass Attacks

Microsoft introduced AMSI (Antimalware Scan Interface) with Windows 10 in 2015. This interface standard allows third-party security products to be integrated with applications running on a Windows PC to improve detections for fileless and script-based attacks. Naturally, adversaries immediately began efforts to defeat AMSI.

KnowBe4 Collaborates with Microsoft: Strengthening Email Security Through Strategic Integration

In today's rapidly evolving threat landscape, cybercriminals are becoming increasingly sophisticated in their attack methodologies, particularly when it comes to email-based threats. Organizations worldwide are recognizing that a single-vendor approach to security, while valuable, may not provide the comprehensive protection needed to defend against the full spectrum of modern cyber threats.

Your Code Might Be Using Risky AI Models

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

All SSO security is not created equally

This blog has been adapted from a section of 1Password’s ebook: Why SSO is not enough for identity security. To read the complete ebook, click here. Single sign-on (SSO) solutions integrate with a company’s identity provider (IdP) to allow users to authenticate to multiple applications via a single log-in. By reducing the number of access points and employee credentials, SSO reduces a company’s attack surface.

ISO 27001 beyond IT: Building a culture of security across the enterprise

The digital era has spurred organizations to rethink how they protect sensitive data, necessitating a robust and holistic approach to security. Although ISO 27001 is widely recognized as a framework for managing IT security, forward-thinking leaders are discovering that its principles can be extended far beyond IT departments.

Planning for a Post-quantum World, Now!

One of the primary concerns occupying future-gazers within the technology industry is the impact that quantum advances will have upon established encryption methods. Quantum computing is advancing at pace, and alongside the enthusiasm for what that will enable is a practical concern for the way quantum processing might render some of today’s security approaches ineffective.

Cost Insights. Enhanced Alerts. Smarter Security. And More. Meet CurrentWare v11.0.1.

Modern workplaces need monitoring software that goes beyond activity reports - tools that optimize tech spend, strengthen security posture, and drive smarter outcomes. CurrentWare v11.0.1 is built to do exactly that. Whether you’re trying to cut costs, prove compliance, or prevent internal threats before they escalate, this update arms you with the tools to act faster and smarter. Ready to see how? Let's dive in. Unused software isn't just sitting idle; it's silently draining your budget.

Pre-Authenticated RCE Chain Disclosed in Sitecore XP

On June 17, 2025, watchTowr disclosed technical details for a pre-authenticated remote code execution (RCE) exploit chain in Sitecore Experience Platform (XP), an enterprise content management system. Although Sitecore released a fix for these vulnerabilities in May 2025, no official CVE identifiers have been assigned at this time. The three vulnerabilities are currently tracked as WT-2025-0024, WT-2025-0025, and WT-2025-0032 by watchTowr and impact Sitecore XP versions 10.1 through 10.4.

Beyond Compliance: Using ASPM to Align Application Security with Business Objectives

Are you confident that your application security testing (AST) efforts are truly protecting your business, or are they just ticking boxes for compliance? These days, simply meeting regulatory requirements isn’t enough. Security teams face mounting pressure from alert overload, fragmented tools, and an ever-growing backlog of vulnerabilities. Meanwhile, executives demand clear evidence that security investments are driving real business value. So how can security leaders bridge this gap?

Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials

Arctic Wolf has identified a social engineering campaign targeting health care providers in the United States. Throughout multiple incidents, hospital help desks have received suspicious phone calls from unidentified individuals claiming to be doctors who had forgotten their password. When the callers were confronted with a request to verify their identities, including first name and department affiliation, the suspicious callers disconnected.