Zero trust with Chase Cunningham

Join us for this week's Defender Fridays as we explore Zero Trust architecture and implementation with Dr. Chase Cunningham, Chief Security Officer at Demo-Force. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

GRC Engineering for Revenue Acceleration | TrustCloud

How to build a Customer Assurance and Continuous Control Monitoring Program that earns customer trust. Join us for a practical and insightful conversation on how transparent security and compliance posture sharing, high-confidence AI-assisted security questionnaire completion, and continuous control monitoring (CCM) translate directly into customer assurance, revenue acceleration, faster sales cycles, and higher buyer confidence.

Backup vs. Replication: Key Differences Explained

When your application crashes or a region goes offline, the difference between backup and replication determines whether you’re back online in minutes or scrambling for days. Most IT teams confuse these two strategies, but they solve different problems. Backup creates point-in-time copies of your data for recovery after corruption or deletion. Replication maintains synchronized copies across systems for high availability and failover.

All things AI and malware with Randy Pargman

Join us for this week's Defender Fridays as we explore the reality of AI-powered malware threats with Randy Pargman, Senior Director of Threat Detection at Proofpoint. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Secret Management: A Step-by-step Guide to NHI Security

It’s not hard for secrets to sprawl, buried under layers of commits and forgotten branches. Most teams don’t notice it until one bad push exposes everything. Secret leaks don’t come from breaches, but from configuration drift and forgotten credentials, a gap that traditional vault tools struggle to close on their own. Here’s the scale of that mess. Machine identities now outnumber human users by more than 80 to 1, and each one relies on credentials to function.

CVE-2025-10573: Critical Unauthenticated Stored XSS in Ivanti Endpoint Manager

A newly disclosed vulnerability in Ivanti Endpoint Manager (EPM) tracked as CVE-2025-10573 allows unauthenticated attackers to inject persistent JavaScript into the EPM administrative dashboard. Assigned a CVSS score of 9.6, this vulnerability presents a critical security risk because it enables attackers to hijack administrator sessions and gain full control over managed endpoints.

Enumerating Users and Mailboxes in Microsoft Outlook 365 Web

During our research into Microsoft 365 security, we discovered a flaw in Outlook on the web (OWA) that exposed information about users and their mailboxes. By manipulating certain request headers against the “/owa/service.svc” endpoint, an attacker could not only confirm whether a user account existed, but also determine if that account had a mailbox associated with it.

Adversarial AI: The New Symmetric Threat Landscape

Adversarial AI is geometrically making cyber a symmetric threat, fundamentally altering the cybersecurity equation. However, there are leaders who have successfully navigated these emerging challenges and understand the implications. Join Dr. Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Dr. Srinivas Mukkamala (CEO, Securin Inc.) as they dive into: SecurityScorecard monitors and scores over 12 million companies worldwide.

It's 2 AM. Do You Know Which AIs Your MCP Server Is Talking To?

When Anthropic dropped the Model Context Protocol (MCP) in late 2024, it felt like the missing puzzle piece for AI tooling: a standard way for Large Language Models (LLMs) to talk to data sources, APIs, and pretty much anything else you can think of. Think of it as a USB-C port for AI, as the protocol’s creators like to say. But like most shiny new standards, the devil’s in the details.