How CISOs Can Build a Cybersecurity-First Culture

Creating an enterprise security-first culture is one of the most impactful things a CISO can do to protect their organization. Sure, high-tech solutions and fancy tools are important, but they are largely ineffective when staff are unable or unwilling to play their part in preventing, identifying, and reporting security incidents. However, in the quest to develop a positive cybersecurity culture, many Chief Information Security Officers (CISOs) inadvertently create a toxic environment.

2025 OWASP Top 10 for LLM Applications: A Quick Guide

Published first as a whitepaper in late 2024, the 2025 OWASP Top 10 for LLM Applications is yet another monumental effort from OWASP made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond—including Mend.io Head of AI Bar-El Tayouri. LLMs are still new to the market but beginning to mature, and the OWASP Top 10 for LLM Applications is maturing alongside them.

NIS2 Compliance in 2025: Compliance Doesn't Have to Mean Complexity

The Network and Information Systems Directive 2 (NIS2) is the European Union’s effort to fortify cybersecurity across critical industries and services. Building on the original NIS Directive, NIS2 has broadened its scope, introduced stricter requirements, and placed greater emphasis on supply chain security. Now that the October 2024 transposition deadline has passed, organizations must focus on maintaining compliance and integrating robust cybersecurity measures into their operations.

Fake VS Code Extension on npm Spreads Multi-Stage Malware

In a recent discovery, our research team uncovered a fake VS Code extension—truffelvscode—typosquatting the popular truffle for VS Code extension. This extension serves as a trojan horse for multi-stage malware. This blog takes a closer look at how the malicious extension operates, its obfuscation techniques, and IOCs related to this incident.

Improving Kubernetes Security: Lessons from an Istio Configuration Finding

As a part of our ongoing work to secure cloud computing infrastructure, we delved into the inner workings of some popular Kubernetes add-ons. Our first subject of research was Istio, a popular service mesh add-on. Istio is an open-source service mesh for Kubernetes that manages communication between microservices. It provides traffic management, security, and observability features without requiring code changes.

WatchGuard Joins AWS ISV Accelerate Program and Launches on AWS Marketplace

WatchGuard Technologies, a leading provider of unified cybersecurity solutions, today revealed its participation in the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program. This co-sell initiative connects AWS Partners offering software solutions that operate on or integrate with AWS, helping them drive new business by directly linking ISVs with the AWS Sales team.

Year of the Snake, Year of the Institution: The Fireblocks 2025 Digital Assets Policy Outlook

With the dynamic start of the new US Presidential Administration, on the heels of our global annual kick-off, and with colleagues across our offices starting Lunar New Year celebrations last week, it’s a good time for Fireblocks to share our outlook on digital assets policy for the rest of the year. Years in our industry are often unprecedented.

Who Owns Vulnerabilities?

The question of ownership is one of the biggest reasons vulnerabilities persist in organizations far longer than they should. Who owns vulnerabilities? This isn’t just a theoretical debate—it’s a critical operational issue. Modern scanning solutions excel at identifying and prioritizing vulnerabilities, but without clear ownership, those vulnerabilities often linger unaddressed or improperly documented, increasing an organization’s risk exposure.