How to check the impact of third-party CVEs on your Elastic deployment
The Elastic Support Hub now provides instant self-service lookup for CVE impact statements.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
From Zero Trust to SPIFFE: How to Secure Microservices with Istio and Teleport
This guide walks through how to deploy microservices with Zero Trust using SPIFFE identities, service mesh mTLS, and short-lived certificates. You’ll learn how to deploy a secure microservices application, configure default-deny authorization policies, and rebuild service connectivity with explicit SPIFFE-based allow rules.
Partner-level vulnerability assessment and patch management for MSPs in Acronis RMM
For MSPs, vulnerability assessment and patch management are challenging primarily because of scale. Every new customer adds another tenant to configure, monitor and maintain, which multiplies operational overhead and increases the risk of inconsistency. The newly released cross-tenant, partner-level vulnerability assessment and patch management in Acronis RMM is designed to break this pattern.
What is Slopsquatting? The AI Package Hallucination Attack Already Happening
Typosquatting, registering a typoed version of a popular package and waiting for a developer to accidentally type and install the wrong package, has been around for a decade in npm. It’s nothing new— the registry has protections for it. Then AI came along and changed everything again. Slopsquatting is the new, AI flavor of typosquatting. Instead of betting on human typos, attackers bet on AI hallucinations, the package names that LLMs confidently recommend that don't actually exist.
Replacing Password Sharing in Slack With Secure Access Workflows
Many teams share credentials in Slack out of convenience, but this seemingly harmless habit introduces serious security and compliance risks. From accidental exposure to unauthorized access, sharing passwords in Slack can create major vulnerabilities across your organization. Keeper’s Slack workflow replaces risky password sharing in Slack with secure, Just-in-Time (JIT) access requests and approvals.
Notepad++ Supply Chain Attack Explained | CrowdStrike OverWatch Identified It Months Early
Your next software update could be weaponized. In this short breakdown, we examine how adversaries compromised the Notepad++ update mechanism to distribute malware and how CrowdStrike identified the activity four months before public disclosure.
Micro Lesson: Cloud SIEM Bulk Insight Management
This video will show you the new Cloud SIEM Bulk Insight Management feature to apply changes to up to 5000 insights at once, saving time and increasing efficiency for SOC teams.
Keeper Webinar - How KeeperPAM Supports Lean Security Teams
Watch the recording of our exclusive webinar featuring Justin Connolly, Solutions Engineer. Discover how KeeperPAM is easy to deploy for organizations with lean security teams.
Protecting Remote Endpoints: Backup Best Practices for a Distributed Workforce | BDRShield Webinar
YouTube Description With remote and hybrid work becoming the new normal, laptops and desktops are now the most vulnerable — and most overlooked — layer of business data protection. In this practical webinar, the BDRShield by Vembu team explains how IT teams and MSPs can protect remote endpoints reliably without disrupting users or increasing operational complexity. Speakers: Mani Subramanian Product Manager, Vembu Technologies What You’ll Learn.