Beyond the Basics: Advanced Features in Application Security Testing Software

The landscape of application development is moving faster than ever, driven by AI and cloud-native technologies. While this rapid innovation creates opportunity, it also expands the attack surface, making robust security non-negotiable. As a security leader, you understand that effective application security testing software is the foundation of a strong defense. But in the face of escalating threats, are the basic tools still enough?

Digital Asset Custody as the Strategic Foundation for Banking's Digital Future

Most banks approach digital assets with the same assumptions they use for traditional custody. It is a natural starting point, but it does not hold. Digital assets behave differently, and control that once sat inside core systems now has to be applied in the wallet layer. Institutions that understand this now gain meaningful advantages in speed, flexibility, and market positioning.

Flying blind on workforce security? Let User Risk be your co-pilot.

What we heard loud and clear from security teams is that they’re flying blind when it comes to securing their workforce. In fact, companies often have more SaaS applications than they do employees. They just don’t realize it. Secondly, there’s a tremendously long tail of SaaS applications only being used by one person in the organization. Imagine trying to imagine that manually. User Risk solves this visibility gap by giving organizations visibility into their human risk, enabling safe AI adoption, and driving a security-first culture.

Critical WSUS Flaw Exploited: Chinese APTs Deploy ShadowPad Backdoor via CVE-2025-59287

Our intelligence team has uncovered a fresh escalation in state-sponsored cyber espionage targeting enterprise update infrastructure. A critical remote code execution (RCE) vulnerability in Microsoft Windows Server Update Services (WSUS), designated CVE-2025-59287, is now actively exploited by Chinese-linked advanced persistent threat (APT) groups. These actors leverage the flaw to deploy ShadowPad, a modular backdoor long favored in espionage operations.

Shadow SaaS IS lurking in your organization. Here's what you need to know.

Is shadow SaaS lurking in your organization? The answer is "yes". Now, what do you do about it? User Risk gives security teams complete visibility into their human risk, enabling safe AI adoption, and driving a security-first culture. Discover more of what User Risk can do for you.

A New Wave of Supply-Chain Chaos: SHA1HULUD Malware Hijacks NPM Ecosystem and Exfiltrates Developer Secrets

A previously known malware strain, SHA1-HULUD, has resurfaced with a large-scale software supply-chain attack targeting the NPM ecosystem. More than 300 open-source NPM packages were maliciously modified within a short window, leading to the theft of sensitive credentials and over 20,000 compromised GitHub repositories.

When cybercrime meets cyberwarfare

Across today’s threat landscape, the divide between cybercrime and cyberwarfare is disappearing. Financially motivated groups and state-sponsored actors rely on the same tactics, techniques, and procedures (TTPs)—exploiting zero-day and one-day vulnerabilities, abusing ransomware-as-a-service (RaaS) platforms, hiding behind proxies, and living off the land (LotL) within legitimate IT environments. They also often target the same enterprises.

From Hats to Heartfelt Advice: Takeaways from a Fireside Chat with CISO @ Crocs

The fireside chat with Crocs CISO Lena Taylor at our Denver event brought together cybersecurity professionals, allies, and leaders for an evening of honest insight and community. From redefining work-life balance to knowing when to pursue new opportunities, Lena shared grounded, real-world wisdom that resonated far beyond career advice. Here’s a look at the biggest takeaways from the discussion and why the night left such a lasting impression.

The Complete Guide to Patch Management: Closing Security Gaps Before Attackers Find Them

Definition: Patch management is the continuous lifecycle of identifying, acquiring, testing, and deploying code updates to endpoints, servers, and applications to resolve security vulnerabilities and improve stability. The 5-Step Process.