What does 'software reachability granularity' really mean 2nd Episode

Mend.io, formerly known as WhiteSource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development – using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

Exposing the Blind Spots: CrowdStrike Research on Feedback-Guided Fuzzing for Comprehensive LLM Testing

The increasing deployment of large language models (LLMs) in enterprise environments has created a pressing need for effective security testing methods. Traditional approaches, relying heavily on predefined templates, are limited in comparison to adaptive attacks — particularly those related to prompt injection attacks. This limitation becomes especially critical in high-performance computing environments where LLMs process thousands of requests per second.

ThreatQuotient to join Securonix

Today is a big day for the Crash. We are announcing the next step in our collective journey – Securonix has acquired ThreatQuotient. This is an exciting and rare opportunity to combine Securonix’s best-in-class security analytics and detection with ThreatQ’s best-in-class threat intelligence platform. As we all know, the security operations world is changing at a dramatic pace.

What To Know About the UNFI Cyber Attack

On June 9, 2025, United Natural Foods, Inc. (UNFI) – a major organic food distributor and the main grocery supplier for Whole Foods Market – reported a cyber attack. UNFI first discovered unauthorized activity in its IT systems on June 5 and immediately took some systems offline. At the time of this writing, the investigation is ongoing as officials assess the full impact of the breach.

Brivo Access: How to Create Incidents With Incident Management

As a security team member, being able to quickly create and document incidents is crucial for efficient troubleshooting and accurate record-keeping. Incident Management helps streamline evidence gathering, including pulling relevant footage. It minimizes manual documentation, and helps customers resolve incidents fast. This video will show you how to create a new incident from an event, and how to link an event to an existing incident.

Cato CTRL Threat Research: Uncovering Nytheon AI - A New Platform of Uncensored LLMs

With the introduction of WormGPT in 2023, threat actors have been using uncensored large language models (LLMs) for malicious activities. Following the shutdown of WormGPT in the same year, numerous alternatives have emerged—including BlackHatGPT, FraudGPT, and GhostGPT, among others—primarily accessible through Telegram channels.

Arctic Wolf Observes Organizations Receiving Unsolicited Microsoft MFA Messages

Arctic Wolf has recently observed customers receiving unsolicited Microsoft multi-factor authentication (MFA) text messages. These messages originate from legitimate Microsoft short code numbers; however, the source and intent have not been confirmed. This issue appears widespread, affecting organizations across multiple industry verticals. It is currently unclear whether this activity is due to a systemic issue on Microsoft’s side or part of a malicious campaign.

Keeper Security Named Overall Leader in 2025 GigaOm Radar Report for Enterprise Password Management

GigaOm, a renowned technology analyst firm, has recognized Keeper Security as the Overall Leader in Enterprise Password Management for the fourth year in a row. The GigaOm 2025 Radar Report for Enterprise Password Management highlights Keeper’s Privileged Access Management (PAM) solution, KeeperPAM, which helps organizations secure passwords, credentials, secrets and connections to mitigate cyber risks and defend against internal and external threats.

CISO Spotlight: Rick Bohm on Building Bridges, Taming AI, and the Future of API Security

Nestled in a log cabin high in the Rocky Mountains, Rick Bohm starts his day the same way he’s approached his career: intentionally, with a quiet commitment to learning and action. Boasting more than three decades of cybersecurity experience, Rick has watched tech evolve from dial-up ISPs to advanced AI-driven security architectures – and through it all, he’s focused on one enduring mission: protecting data, organizations, and people.

AI-automated Fuzzing Uncovers Two More Vulnerabilities in wolfSSL

Daniel Pouzzner from wolfSSL has challenged us to find 3 more vulnerabilities in the wolfSSL library, after we found the first one in October 2024. We weren't quite able to find three, but here are the additional two that we found: Both vulnerabilities were fixed in wolfSSL version 5.8.0, released on 24 April 2025. The fuzz tests that found these vulnerabilities were generated by our AI Test Agent.