%term

How we navigated database limits with a growing product

Apr 17, 2025 By Vanta In Vanta

In 2024, one of Vanta’s engineering goals was to improve the quality while maintaining our rapid product development. Around the same time, we also discovered we were months away from reaching our MongoDB Atlas database storage limit. If this threshold was reached, then we wouldn't be able to write any new data and the Vanta product would’ve been heavily degraded. This was a clear signal that we needed to invest more in our infrastructure and storage solution. ‍

Read Post

Vanta

Read more about How we navigated database limits with a growing product

8 Tips for Kubernetes Role-Based Access Control (RBAC)

Apr 17, 2025 By The Apono Team In Apono

The weakest link in your infrastructure might just be your permissions. In Kubernetes, permissions exist to protect your cluster, but if you’re not careful, they can become your number one problem. How? A single misconfigured access role in a Kubernetes cluster can open the door to a full-scale security breach. Yes, your network policies and firewalls are in place, but when a bad actor can kubectl delete a namespace from inside your cluster, the real breach point is access control.

Read Post

Apono

Read more about 8 Tips for Kubernetes Role-Based Access Control (RBAC)

Building better workflows with multiple drafts

Apr 17, 2025 By Hannah Roy In Tines

In today's security and IT landscape, the workflows that power your operations are not merely convenient tools—they're essential infrastructure. When a phishing detection workflow fails or an access control process malfunctions, the consequences can be severe: security incidents remain undetected, response times suffer, and organizational risk escalates significantly. This reality creates a paradox for teams.

Read Post

Tines

Read more about Building better workflows with multiple drafts

Unlocking Profit: How Bankers Can Harness Stablecoins for Revenue Growth

Apr 17, 2025 By Fireblocks In Fireblocks

Brian Moynihan recently remarked, “It’s pretty clear there’s going to be a stablecoin… So if they make that legal, we’ll go into that business …it’s just then like another foreign currency.” While the comments from the CEO of Bank of America capture one bank use case for stablecoins, these digital assets have much more to offer banks than that.

Read Post

Fireblocks

Read more about Unlocking Profit: How Bankers Can Harness Stablecoins for Revenue Growth

Is Perplexity AI Safe to Use? Security Flaws in the Android App

Apr 17, 2025 By Raghunandan J In Appknox

The rapid rise of AI-powered applications brings innovation, but also security blind spots. As AI systems become integral to our daily lives, their security must keep pace with their capabilities. This is the focus of our AI Security Testing Series, where we analyze popular AI applications for vulnerabilities that could put users at risk. In our last analysis, we tested Deepseek’s Android app and uncovered critical security flaws.

Read Post

Appknox

Read more about Is Perplexity AI Safe to Use? Security Flaws in the Android App

Hunting with Elastic Security: Detecting command and scripting interpreter execution

Apr 17, 2025 By Justin Higdon In Elastic

Stealthy adversaries continually exploit system utilities to execute malicious code. A particularly potent and frequently misused tactic is MITRE ATT&CK T1059 - Command and Scripting Interpreter, wherein attackers harness built-in interpreters like PowerShell, Bash, Python, or JavaScript to run arbitrary commands.

Read Post

Elastic

Read more about Hunting with Elastic Security: Detecting command and scripting interpreter execution

A new type of infected machine - New DLS emerges for anthrax14

Apr 17, 2025 By Jovana Macakanja In CYJAX

In 2024, Cyjax observed the emergence of 72 extortion and ransomware group data-leak sites (DLSs). As of mid-April 2025, Cyjax has identified DLSs for 27 new groups this year, as noted in recent blogs on Morpheus, GD LockerSec, Babuk2, Linkc, Anubis, Arkana, Frag, and RALord.

Read Post

CYJAX

Read more about A new type of infected machine - New DLS emerges for anthrax14

Founder's Corner, Episode 8

Apr 17, 2025 By Salt Security In Salt Security

Welcome to Episode 8 of Founder's Corner Join Salt’s CEO and Co-founder, Roey Eliyahu, and CMO, Michael Callahan, as they discuss Gen AI and its impact on API security.

View Video

Salt Security

API
Security

Read more about Founder's Corner, Episode 8

Essential Features to Look for in a Shovel for Metal Detecting Success

Apr 17, 2025 By SecuritySenses In SecuritySenses

Unearthing treasures with a metal detector requires precision, patience, and the right equipment. A dependable shovel for metal detecting is more than a digging tool-it's a partner in preserving artifacts and maximizing efficiency. The perfect shovel enhances your ability to extract coins, relics, or jewelry without damage, whether you're sweeping beaches or old homesteads. With countless designs available, focusing on key features like blade strength, handle comfort, and portability ensures success.

Read Post

SecuritySenses

Read more about Essential Features to Look for in a Shovel for Metal Detecting Success

SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions

Apr 16, 2025 By SquareX

SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled "Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out", the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by exploiting architectural vulnerabilities in the browser.

Read Post