API Attack Awareness: Business Logic Abuse - Exploiting the Rules of the Game

As Cybersecurity Awareness Month continues, we wanted to dive even deeper into the attack methods affecting APIs. We’ve already reviewed Broken Object Level Authentication (BOLA), injection attacks, and authentication flaws; this week, we’re exploring business logic abuse (BLA). Unlike technical flaws, business logic flaws exploit how an API is designed to behave.

Building Digital Operational Resilience in the DORA Era

In this session, our team breaks down the Digital Operational Resilience Act (DORA) — the EU regulation reshaping cybersecurity expectations across the financial sector. DORA mandates continuous testing and validation of critical live production systems, emphasizing adversary emulation and real-world attack simulations to ensure true operational resilience. Learn how organizations are adapting their programs, what the rise of the Chief Resilience Officer means for cybersecurity leadership, and how continuous validation supports both compliance and readiness.

AI at Work: Speed, Risk, and Why Simplicity Wins

I’ve been spending a lot of time with teams and customers talking about AI. Not in terms of buzzwords or market predictions, but the real, in-the-trenches work of building software, serving customers, and securing identities and data. The mindset we’ve adopted around AI is simple: you can’t cut your way to great products or great customer experiences. AI isn’t about replacing people or chasing short-term efficiency gains.

LDAP Nightmare - Windows LDAP Denial of Service Vulnerability

In this technical webinar, SafeBreach security experts explore recent LDAP vulnerabilities, focusing on CVE-2024-49113 — a critical flaw capable of crashing unpatched Windows Servers. The team breaks down: This session emphasizes the importance of proactive patching, continuous validation, and understanding the underlying mechanics of directory services to strengthen enterprise resilience.

The Evolving Role of AI Governance: Turning Risk into Responsibility

This piece is part of a monthly series by Carisa Brockman and Bindu Sundaresan exploring the evolving world of AI governance, trust, and responsibility. Each month, we look at how organizations can use artificial intelligence safely, thoughtfully, and with lasting impact.

BygoneSSL and the certificate that wouldn't die

Turns out the scariest thing about SSL certificates isn’t when they expire. It’s when they don’t. I wrote about the CA/Browser fight that led to the 47-day certificate mandate. CAs crying about lost revenue, browsers flexing their root program authority, enterprises stuck in the middle. But nobody talks about the security research that started it all: BygoneSSL at DEFCON 2018. Two researchers mining Certificate Transparency logs found something surprising.

Intel Chat: Kansas City National Security Campus breach, COLDRIVER, KEV catalog & AWS outage [260]

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.