Astra API Security Platform Slams the Backdoor on API Cyberattacks
A new API security solution delivers real-time visibility and automated pentesting to secure zombie and undocumented APIs before attackers can exploit them.
Why We Built CertKit
SSL Certificates have always been a pain in the butt. From the magical OpenSSL incantations to generate a CSR to the various formats that each webserver requires. Remembering what hardware needs which certificates. Managing scheduled renewals and runbooks for which file goes where. Screw anything up and your site is “Not Secure”. And now Apple wants us to do it every 47 days. Remember when we had HTTP-only websites? Or when certificates lasted three years? Then one?
When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce
The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here's your complete guide.
Why We Built Nucleus Insights
Today we’re announcing the beginning of the next phase of our journey. We’re launching our Vulnerability Intelligence feed, Nucleus Insights. As we’ve worked with many companies, partners, and clients over the years, this became an obvious next step for Nucleus, and I want to share with you why. Fixing vulnerabilities is expensive. Not just in terms of patching costs or system downtime, but in people, time, and lost focus.
How to Maintain DevSecOps Velocity Without Compromising Security
Software delivery today is a delicate balancing act between moving quickly and maintaining security. CXOs chase release velocity, PMs measure success by the number of features shipped, and developers are asked to code faster with every sprint. However, every pipeline that prioritizes speed without embedded security is essentially gambling with the risk of a breach. Legacy security models still act like toll gates, piling on reviews and post-deploy scans that stall progress.
EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware
CrowdStrike data scientists are members of a team of cybersecurity researchers that recently released EMBER2024, an update to EMBER, the popular open source malware benchmark dataset originally released in 2018. The EMBER2024 dataset includes metadata, labels, and calculated features for over 3.2 million files from six different file formats.
The Case of the Phantom Date: How a Single Pixel Fooled Our Visual AI
We’ve all seen it: a cutting-edge, multimodal LLM, capable of understanding complex documents, stumbles on a seemingly simple task. In our case, the model confidently reported a contract’s signing date as "March 30". The only problem? The document clearly stated "March 9th". It wasn't just a minor error; it was a baffling one that sent us down a rabbit hole of debugging.
Securonix - Breach Ready. Board Ready. AI-Powered.
Security teams today are expected to do it all. Stop threats faster. Prove value to the board. Scale with fewer resources. Securonix makes it possible. Breach Ready means unified detection and response with up to 60 percent faster time to containment and 50 percent less analyst workload. Board Ready means 193 percent ROI, a six-month payback period, and reporting that drives strategic decisions. AI Powered means modular agents that cut false positives by 90 percent and automate triage with precision, keeping your team in control. This is modern security. This is Securonix.
Balancing Scan Depth and Speed in Modern Pipelines
Most teams run on velocity budgets, not risk budgets. While features get sprints, milestones, and release slots, risk, on the other hand, gets hope. When scan depth and speed decisions are made without an explicit budget for risk, the outcome is predictable: throughput is optimized while exposure compounds silently in the background.
CERT-In 2025 Audit Guidelines: What Every CXO Needs to Know
When engineers stress-test a bridge, they don’t ask the pedestrians to sign off on safety. They put the liability squarely on the designers, contractors, and city officials, i.e., if it fails, it’s their names on the line. CERT-In 2025 audit guidelines and framework apply the same logic to digital infrastructure. No more passing the buck to auditors; CXOs must sign risks, PMs must certify vendors, and developers must prove security in every build.