OWASP Top 10 2021 - A09: Security Logging and Monitoring Failures

Logging and monitoring failures occur when security-relevant events are not properly captured, stored, or analyzed, making it difficult or impossible to detect ongoing attacks or respond effectively. These failures include missing logs, incomplete data, ineffective alerting mechanisms, insecure log storage, and inadequate retention policies. Such gaps are often exploited by attackers who rely on invisibility to move laterally across systems.

What You Need to Know about the Coinbase Data Breach

Coinbase is a digital currency platform that allows consumers to transact using digital currencies, including Ethereum and Bitcoin. It is one of the most popular exchanges, with millions of users. The company’s initial vision is to bring efficiency and innovation to the global economy. Despite significant security measures to secure the wallet and transactions, there was a breach in late 2024. It began when hackers targeted an employee using bribery in exchange for insider knowledge.

What is an API Specification?

API specifications are no longer just tools for developers; they are also essential for businesses. In today’s hyperconnected enterprise, they serve as strategic assets that define how digital ecosystems interact, share data, and enforce security protocols. Yet, most C-suite leaders underestimate their influence on risk posture, regulatory compliance, and operational resilience. That needs to change.

Poison everywhere: No output from your MCP server is safe

The Model Context Protocol (MCP) is an open standard and open-source project from Anthropic that makes it quick and easy for developers to add real-world functionality — like sending emails or querying APIs — directly into large language models (LLMs). Instead of just generating text, LLMs can now interact with tools and services in a seamless, developer-friendly way.

OWASP Top 10:2021 - A02 Cryptographic Failures

Cryptographic failures refer to the improper use, implementation, or management of cryptographic systems. These issues often result in unauthorized exposure of sensitive data like passwords, credit card numbers, or personal records. In the OWASP Top 10 – 2021, this category replaced the broader ‘sensitive data exposure’ from the 2017 list, with a sharper focus on the misuse or failure of cryptographic mechanisms.

IT Auditing Secrets: Uncover Financial Shenanigans & Level Up #Cybersecurity #securecloud

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development, using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

Falcon Adversary OverWatch with Next-Gen SIEM

Discover how CrowdStrike Falcon Adversary OverWatch with Next-Gen SIEM expands threat hunting across endpoints, identities, cloud, and third-party data to stop breaches quickly. By correlating subtle signals and enhancing them with world-class intelligence, OverWatch helps detect threats earlier and reduce alert fatigue. Gain 24/7 proactive threat hunting across your entire environment because breaches never wait.

Interlock ransomware: what you need to know

Interlock is a relatively new strain of ransomware that first emerged in late 2024. Unlike many other ransomware families, it targets not only Windows PCs but also systems running FreeBSD. If you are impacted, you will find that your files have not only been encrypted but have also had ".interlock" appended to their filenames. For example, a file named report.xlsx would become report.xlsx.interlock, visibly signaling that it has been encrypted by Interlock.

Smarter Security Assessments: Automate, Customize, Scale

Discover how AI is transforming third-party risk management. In this update, Michelle from our Customer Success team walks through key improvements to AI-Assessments—from instant Security Profiles and smarter questionnaires to faster reporting and risk remediation. See what’s live, what’s coming next, and how your feedback is shaping the future of vendor risk. Interested in finding out more about UpGuard?