Recent advances in AI technologies have granted organizations and individuals alike unprecedented productivity, efficiency, and operational benefits. AI is, without question, the single most exciting emerging technology in the world. However, it also brings enormous risks. While the dystopian, AI-ruled worlds of sci-fi films are a long way off, AI is helping cyber threat actors launch attacks at a hitherto unknown scale and level of sophistication. But what are AI-powered attacks?

In a time when 94% of companies have experienced an identity-related breach, many CISOs feel the urgency to strengthen identity and access management (IAM) across their organizations. In fact, a recent survey of CISOs found that identity is the top focus area going into 2025. However, communicating IAM’s value to the board remains a challenge—it isn’t enough for these security leaders to craft effective IAM strategies—they must also secure their board’s support.

On December 10, 2024, Ivanti released updates for three critical-severity vulnerabilities impacting their Cloud Services Application. By chaining the vulnerabilities together, a threat actor could obtain administrative privileges via authentication bypass (CVE-2024-11639), which could then allow for remote code execution (CVE-2024-11172) and/or SQL injection (CVE-2024-11173).

Organizations understand their sensitive data is everywhere — and adversaries are after it. Data protection solutions have become an essential part of modern cybersecurity strategies. Organizations realize that in order to avoid a breach, they must have a plan to monitor and control data flow at the user level so they can better understand where data is going, who is accessing it and when malicious activity occurs. But when it comes to deployment and operationalization, things can get complicated.

Malicious files continue to be a significant threat to organizations; SonicWall reported more than six billion malware attacks in 2023. To help organizations prepare for and stay ahead of these threats, we’re introducing an integration with YARA that offers a deeper level of inspection for files across enterprise networks while helping security teams consolidate their toolset in the process.

PowerShell is a great scripting and automation tool — and it also enables administrators to execute commands and scripts on remote computers remotely, as if they were sitting in front of them. Indeed, early in the history of PowerShell, Microsoft added support for cmdlets to run on remote systems with the -ComputerName parameter.

Imagine a former employee still being able to access your network or current employees wielding permissions far beyond their roles. Both scenarios sound risky, right? Excessive permissions aren’t just a minor oversight — they’re significant vulnerabilities that could lead to costly data breaches, regulatory penalties, and other problematic consequences.

The ultralytics supply chain attack occurred in two distinct phases between December 4-7, 2024. In the first phase, two malicious versions were published to PyPI: version 8.3.41 was released on December 4 at 20:51 UTC and remained available for approximately 12 hours until its removal on December 5 at 09:15 UTC. Version 8.3.42 was published shortly after on December 5 at 12:47 UTC and was available for about one hour before removal at 13:47 UTC.