%term

Scan secrets in CI with ggshield (GitHub Actions example)

Dec 29, 2025 By GitGuardian In GitGuardian

Next up is ggshield secret scan ci, the mode built for continuous integration, not your local machine. In this section, we’ll show how CI scanning works and why it’s different. Instead of scanning your whole repo, it scans the set of commits that triggered your pipeline, whether that build came from a direct push or a pull request. That means you catch secrets at the exact moment they’re introduced, before they get merged or released.

View Video

GitGuardian

Read more about Scan secrets in CI with ggshield (GitHub Actions example)

Streamline Security Operations with Falcon for IT's Turnkey Automations

Dec 29, 2025 By Michael Devins In CrowdStrike

As IT environments grow more complex and adversaries move faster, security and IT teams need a reliable way to enforce configurations, maintain application health, and resolve issues at scale without writing or maintaining custom scripts. CrowdStrike Falcon for IT already gives operators powerful tools to query endpoints, run remediation, and enforce baseline configurations.

Read Post

CrowdStrike

Read more about Streamline Security Operations with Falcon for IT's Turnkey Automations

From Compliance to Cyber Resilience: The Real-World Benefits of DLP

Dec 29, 2025 By Fernando Jorge In Cyberhaven

For many organizations, data loss prevention (DLP) has historically been viewed through the narrow lens of compliance. Regulations like PCI DSS, HIPAA, and GDPR forced companies to prove they had controls in place to protect sensitive information. DLP was the obvious answer—a way to prevent credit card numbers, Social Security information, or personal health data from leaving the organization in unauthorized ways. In that framing, DLP was deployed to satisfy audits, not reduce risk.

Read Post

Cyberhaven

Read more about From Compliance to Cyber Resilience: The Real-World Benefits of DLP

Tell us your story

Dec 29, 2025 By lori cotton In One Identity

At One Identity, we’re all about our customers, and we thrive on customer opinions. We’d love for you to share your One Identity Active Roles story by sharing a review on PeerSpot and be seen as a thought leader. It’s as quick as a 10-15-minute online survey or a phone call.

Read Post

One Identity

Read more about Tell us your story

No Snow Days for Security: How Reach Uses AI Agents to Find and Fix Hidden Risk

Dec 29, 2025 By Reach Security In Reach Security

Security exposure doesn’t take a day off. Rain, snow or shine, environments keep changing. Controls drift. Configs break. Risk quietly piles up. Reach was founded to help organizations find and fix hidden risk and exposure. Traditional approaches surface issues — dashboards, alerts, findings — but stop short of actually fixing them.

View Video

Reach Security

Read more about No Snow Days for Security: How Reach Uses AI Agents to Find and Fix Hidden Risk

2025 Wrapped: Updates on This Year's Hottest Topics

Dec 29, 2025 By CrowdStrike In CrowdStrike

This was a busy year for the Adversary Universe podcast. We covered the emergence of new adversaries, the weaponization of AI, critical CrowdStrike research, and how cyberattacks look in different regions of the world.

View Video

CrowdStrike

Security

Read more about 2025 Wrapped: Updates on This Year's Hottest Topics

Zestix Threat Actor Profile | TTPs, Victims, and Breach Activity

Dec 29, 2025 By Gemma Goldstein In Cyberint

Zestix is identified as a criminal threat actor primarily motivated by personal gain. The actor first emerged in September 2025 and operates at an intermediate resource level, functioning as an individual. Zestix has been involved in significant data breaches, notably targeting organizations in the transportation and government sectors.

Read Post

Cyberint

Read more about Zestix Threat Actor Profile | TTPs, Victims, and Breach Activity

MongoBleed (CVE-2025-14847): Critical Unauthenticated MongoDB Memory Disclosure

Dec 29, 2025 By Kiran Sethumadhavan and Hetram Yadav In Coralogix

A critical vulnerability identified as CVE-2025-14847 (dubbed “MongoBleed“) affects MongoDB Server instances, exposing systems to unauthenticated information disclosure. This vulnerability allows a remote attacker to read sensitive data from the server’s memory without requiring authentication.

Read Post

Coralogix

Read more about MongoBleed (CVE-2025-14847): Critical Unauthenticated MongoDB Memory Disclosure

CoPilotLeaks: A Look at the Threat Actor's TTPs, History and More

Dec 29, 2025 By Gemma Goldstein In Cyberint

CopilotLeaks is a criminal threat actor group known for its data breaches and leaks targeting various sectors in Bolivia and Paraguay. The group operates under multiple aliases, including Megumi, vulnerandolo, and Johan_Liebheart. Their primary motivation is personal gain, and they are characterized as having an intermediate level of sophistication.

Read Post

Cyberint

Read more about CoPilotLeaks: A Look at the Threat Actor's TTPs, History and More

Security Alert: CVE-2025-14847 MongoDB "MongoBleed" Actively Exploited

Dec 29, 2025 By Emma Stevens In BitSight

A high-severity vulnerability, CVE-2025-14847, affecting MongoDB Server is being actively exploited in the wild with a Bitsight Dynamic Vulnerability Exploit (DVE) score of 9.71. The flaw, commonly referred to as “MongoBleed,” is an unauthenticated memory-read vulnerability caused by improper handling of zlib-compressed network message headers, which may allow attackers to read uninitialized heap memory remotely.

Read Post