You need the ability to tune open source risk management based on your team's unique risk tolerance and application lifecycle. Black Duck SCA enables this with custom policy configuration, allowing you to... Explore the powerful customization options in Black Duck SCA to manage and mitigate risks effectively.
Eliminating Shadow Access: The Hidden Dangers of SSH and API Keys
Static credentials like SSH keys and API keys play a prominent role in managing modern infrastructure, automating tasks, and enabling software integration, but they also pose significant risks. These keys are often difficult to track, escape traditional monitoring tools, and can be easily exploited if stolen, leading to breaches, shadow access, and compliance issues.
CVE-2025-0108 is a high-severity authentication bypass vulnerability affecting Palo Alto’s PAN-OS, the operating system for their next-generation firewalls. This flaw allows an unauthenticated attacker with network access to the PAN-OS management web interface to bypass authentication controls and execute restricted PHP scripts.
Lately, it seems like the only thing anyone is talking about in the technology sector is Artificial Intelligence. With good reason! AI is an incredibly powerful tool that is only going to grow in usage and scope. However, there seems to be a lot of confusion around various terms involving AI and security. The focus of this blog will be breaking down the differences between securing AI, secure AI use, AI for security, and AI safety.
Confidently scale AI initiatives with irrefutable proof of ethical data practices and compliant AI operations. In today’s rapidly evolving digital landscape, the intersection of data provenance and AI governance has become mission-critical for businesses. As AI continues to shape industries – from healthcare and finance to media and technology – the need for verifiable data integrity and responsible AI oversight has never been more urgent.
Our journey with GitHub proxy support began with an internal challenge: securing our most critical repositories against unauthorized access. As a company that manages infrastructure as code, including sensitive systems like Hardening Okta with Terraform, we needed an ironclad solution to lock down access to our codebase. The problem was that traditional authentication methods like SSH keys and Personal Access Tokens (PATs) left our repositories vulnerable to unauthorized access.
Machine Learning (ML) has revolutionized industries by empowering systems to learn from data, make predictions, automate decisions, and uncover insights—all without the need for explicit programming. With ML, systems can: In network security and cybersecurity, ML and other emerging technologies are crucial for detecting malicious activities such as unauthorized access, data breaches, and other complex security threats.
Companies are rapidly moving to hybrid cloud environments, with most of them already making this transition. This fundamental change affects how organizations handle their infrastructure.