GitGuardian - protect your enterprise against leaked secrets and mismanaged identities.

We allow organizations to discover and remediate exposed secrets as well as manage the NHI lifecycle across both their internal network and public perimeter (for example, over-permissioned, stale secrets, secrets in multiple vaults…). Our unrivaled secrets detection engine is trained and backtested in real time against 5Bn+ commits and used by more than 600k developers; it is also the No. 1 app on the GitHub Marketplace. GitGuardian integrates natively with the SDLC (GitHub, GitLab…) but also with other data sources such as Jira, Slack, ServiceNow, and Docker, as secrets leak in all these environments.

Online Gaming Platform Steam Tops List of Most Imitated Brands For the First Time

Steam was the most impersonated brand in phishing attacks during the first quarter of 2025, according to a new report from Guardio. The researchers note that the gaming platform’s surge to the top comes as “a bit of a shock.” “Historically, the spot has been dominated by the usual suspects - big tech companies like Meta, Microsoft, or even USPS,” Guardio says. “But this quarter, it’s Steam, and by a significant margin.”

Initial Access Brokers Explained

Initial access brokers (IABs) form a key part of the cybercriminal ecosystem. They facilitate access for ransomware groups, data leakers, and advanced persistent threat groups (APTs) into corporate networks. They are highly specialised, professional, and operate in an established, lucrative market which is often characterised by rigid rules and conventions. Every ransomware incident or data breach begins with initial access, following the reconnaissance phase of an attack.

Emerging Threat: Ivanti CVE-2025-22457

CVE-2025-22457 is a critical vulnerability (CVSS 9.0) affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. The issue stems from a stack-based buffer overflow triggered by sending a specially crafted X-Forwarded-For HTTP header. Successful exploitation enables unauthenticated remote code execution. This vulnerability was originally misidentified as a buffer overflow vulnerability that could not lead to either remote code execution (RCE) or denial of service (DoS).

Upgraded Phishing-as-a-Service Platform Drives a Wave of Smishing Attacks

A phishing-as-a-service (PhaaS) platform dubbed ‘Lucid’ is driving a surge in SMS phishing (smishing) attacks, according to researchers at Prodaft. The platform is operated by Chinese cybercriminals who offer access to the service under a subscription model. A Lucid subscription allows crooks to easily craft sophisticated, targeted phishing campaigns.

The Fastest Way to Secure Your APIs? We've Got That Covered with CrowdStrike

APIs are the backbone of modern apps, but they also introduce some serious security risks. Attackers are constantly on the lookout for vulnerable APIs, shadow APIs, zombie APIs, and exposed sensitive data—all of which are tough to track if you don’t have the right tools in place. That’s why we’ve teamed up with CrowdStrike to make API security easier, faster, and more powerful than ever.

April 07, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: North Korean Fake Workers Expand to European Organizations. Kroll has previously reported on the growing scale of the DPRK IT worker fraud scheme where the U.S. was a key focus, with some Southeast Asian countries also seeing fraudulent activity. It has since been reported that an increase in active operations in Europe has been observed—a notable expansion since its beginnings in 2024.

SOAR: Transforming Security and IT

When people hear “SOAR,” they often think of Security, Orchestration, Automation and Response, a powerful solution for streamlining security operations. But SOAR’s capabilities don’t stop there. By driving efficiency and automation in IT operations, infrastructure management and cloud optimization, SOAR empowers teams across the organization to work smarter and respond faster.