The discussion about managing the impact of shorter TLS certificate lifespans began with the proposal from Google to shorten the lifespan of public-facing certificates to 90 days. And then the plot thickened when Apple jumped in with a 45-day certificate proposal. We’re not fortune tellers, but we do believe these changes, or something close to them, will happen in the not-too-distant future.

On January 8, 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Tracked as CVE-2025-0282, the vulnerability allows remote unauthenticated threat actors to achieve remote code execution (RCE) via a stack-based buffer overflow flaw. Ivanti confirmed that exploitation has only been observed in Connect Secure, and no exploitation has been reported in Policy Secure or ZTA Gateways.

From design to deployment, the rise in AI tools and AI-generated code is changing developers’ workflows, enabling them to focus on more creative and complex tasks. However, while 96% of developers use AI coding assistants to streamline their work, it can have a negative impact on security teams. One-fifth of AppSec teams surveyed said they face significant challenges securing AI-generated code due to how quickly it’s produced.

Zombie APIs, sometimes called “orphaned” or “forgotten” APIs, refer to endpoints that were initially deployed for a specific purpose but are no longer actively used or maintained. These APIs are often left operational within an organization’s infrastructure due to oversight or incomplete decommissioning processes.

Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is still here going strong. During the pre-holiday season, cybercriminals ramped up their efforts to target e-commerce websites, aiming to steal cardholder and personal information. These attacks, collectively known as Magecart, have been active since 2015, named after the Magento e-commerce platform with "cart" referencing shopping carts — their initial primary targets.

Medical data privacy and patient data security are paramount in today’s digital age. The rapid advancement of AI and big data has revolutionized healthcare and introduced significant challenges in protecting sensitive health information. De-identification, the process of removing personally identifiable information (PHI) from medical records, is crucial for balancing patient privacy with the need for research and innovation.

Cyber insurance, also referred to as cyber liability insurance, is a specialized insurance product designed to help businesses mitigate financial losses resulting from cyber threats. In today’s digital landscape, cyber risks such as ransomware attacks, malware infections, and data breaches can lead to severe financial and operational damage.

JFrog uses open source tools such as Kubernetes, Kubernetes Event-driven Autoscaling (KEDA), and Prometheus to develop its cloud development infrastructure and ensure tight integration with the three leading cloud providers AWS, GCP, and Azure. Let’s explore how JFrog cloud deployments leverage our cloud-native architecture to provide enhanced security and management capabilities for DevOps while ensuring high availability and a transparent user experience for developers.

By James Rees, MD, Razorthorn Security From 2020 to 2024, cybersecurity underwent a transformative period that reshaped the industry. This era witnessed several significant high profile security breaches, whilst the World Economic Forum recognised cybersecurity as one of the top ten threats to global economic stability.

The healthcare industry stands at the cusp of a major transformation with the introduction of the Healthcare Information Security Accountability Act (HISAA), a progressive regulatory framework set to replace the decades-old Health Insurance Portability and Accountability Act (HIPAA). HISAA is designed to address the evolving complexities of healthcare data management, emphasizing real-time data governance, proactive monitoring, and stricter controls over third-party data exchanges.