Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It’s no secret that the software development life cycle is becoming more complex. With a plethora of libraries, frameworks, and now AI coding agents and assistants, we can build far more ambitious software in a fraction of the time. This is fantastic! But with it come greater opportunities for accidental or malicious security bugs and vulnerabilities to sneak in undetected, with potentially devastating consequences for your users and their trust in your company.

The FBI is warning that the Silent Ransom Group (SRG) is targeting law firms with IT-themed social engineering attacks and callback phishing emails. SRG is a cybercriminal gang that demands ransoms in exchange for not leaking stolen data. “SRG has been operating since 2022 and has primarily been known for their callback phishing emails, masquerading as well-known businesses who offer subscription plans,” the FBI explains.

A phishing campaign is targeting European countries with lures themed around copyright infringement, researchers at Cybereason warn. The phishing emails are designed to deliver the Rhadamanthys infostealer malware. “These campaigns often involve emails impersonating companies and their legal departments, falsely claiming recipients have violated copyright on social media or elsewhere and demanding content removal,” the researchers write.

Internet-facing assets are targeted for many reasons, such as to establish persistence, evade defensive capabilities, and access sensitive networks. According to the search engine Shodan, approximately 1,600 VMware vSphere instances are directly accessible via the internet, representing a significant attack surface.

‍TL;DR ‍ Request a Free Demo Today.

Industrial IoT (IIoT) networks are under siege—from ransomware attacks that halt production lines to nation-state actors targeting critical infrastructure. Yet, traditional security measures struggle to keep up with these stealthy and persistent threats. This lack of visibility and proactive detection leaves security teams blind to lateral movement and insider threats lurking within OT environments.

Software development moves fast; updates are deployed daily, and new features seem to roll out constantly. For security professionals and developers, this pace brings both opportunities and risks. Building an application security program from scratch can be daunting. Expanding attack surfaces, unclear roles and responsibilities, and an endless stream of vulnerabilities from disparate tools create a complex and challenging landscape to navigate.

The biggest cybersecurity bottleneck for today’s enterprises isn’t detection. It’s remediation. Organizations are flooded with vulnerability data, but that flood rarely translates into effective action. Instead, security teams spend their time wrangling data, chasing tickets, and firefighting the same risks week after week. The outcome? Wasted effort, missed SLAs, and real business risk.

XML external entity injection or XXE, is a type of web security vulnerability and an application-layer cybersecurity attack. This vulnerability allows the hacker to interfere with an application while it is processing XML data. The attacker can inject unsafe XML entities into the application and can interact with systems to which the application has access. The hackers can also view files on the server and even perform remote code execution (RCE).

A decade ago, the primary focus of TPRM was questionnaire management and distribution, usually done in a simple and manual way, relying on vendors to self-report on their security practices. Today the basic best practices of TPRM have grown to include continuous monitoring and other advanced AI-based capabilities like CVE alerting for third parties as elementary aspects of an effective program.