Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Simplifying Non-Human Identity Security with Torq and Clutch Security

The rise of Non-Human Identities (NHIs) — think APIs, bots, service accounts, and machine identities — has expanded the attack surface in ways we’re only beginning to understand. NHIs now outnumber human identities in enterprise environments, often by a staggering ratio. While they streamline processes, enable scalability, and facilitate automation, these identities also present significant security risks.

Mend.io - Backstage Integration: Bringing Security Insights Where You Need Them

Launched as an internal project by Spotify in 2016, Backstage was released under the Apache 2.0 open source license in 2020 to help other growing engineering teams deal with similar challenges. Backstage aims to provide a consistent developer experience and centralize tools, documentation, and services within a single platform.

Discover Every Identity to Manage Cybersecurity Risk Effectively

Next time you’re outside on a clear night, look up at the stars and start counting. Chances are you’ll lose track, skip over some or completely forget where you started—there are just so many. Now imagine that vast sky is your enterprise, and each sparkling dot represents an identity (or account). Can you find them all—let alone secure them? If you’re like most organizations out there, the answer is no.

Scalper Bot Targets Christmas 2024: Criminal Groups Cash in on Low-Value Items

In 2020, scalper bots made headlines by hoarding PlayStation 5 consoles. Lockdowns and online-only sales allowed bots to dominate the market, leaving frustrated consumers empty-handed. Today, scalper bots are even more dangerous. Criminal groups behind these operations have evolved. They are organized, professional, and focused on more sustainable targets: low-value items in massive quantities.

Top 15 GitHub Data Risks: Data Loss Scenarios and How to Prevent Them

While GitHub offers robust features, preventing data loss risks requires proactive measures. It’s vital as businesses increasingly rely on GitHub for source code management, safeguarding repositories against data loss, breaches, and operational disruptions. This overview explores the 15 most common data risks and provides actionable strategies for securing repositories and maintaining seamless development workflows.

Refresh yourself on 2024's top cyber attack trends to stay safe in 2025

We’re officially in the final days of 2024, a year so eventful it feels difficult to remember half of what happened. We had the Olympics in Paris, which turned the world into fans of sharpshooting, breakdancing, and the pommel horse; a solar eclipse visible in totality from the US for the first time since 1979; and a monthslong, very impassioned rap battle between Kendrick Lamar and Drake.

Zero Standing Privileges: Minimizing Attack Surfaces in Organizations

Restricting access to critical data and systems is the backbone of strong organizational cybersecurity. Zero standing privileges (ZSP) is an access management strategy that helps organizations limit access to resources as much as possible in order to minimize cybersecurity risks. In this article, we’ll explore the elements of a ZSP strategy, explain the risks related to standing privileges, and examine how to implement ZSP in your organization.

Detectify year in review 2024

In 2024, we shipped numerous features to help security teams manage their growing attack surface. Some examples are Domain Connectors for continuous discovery, a new Integrations platform for greater flexibility, and a Domains page for unprecedented control over attack surface data. Read on to explore our highlights of this year, check out the top vulnerabilities that made headlines, and discover what lies ahead in 2025.

23 NYCRR Part 500 Amendment Compliance Checklist

Banks and insurance companies in New York are grappling with the complexities of 23 NYCRR Part 500, a challenging cybersecurity regulation that demands comprehensive and nuanced security measures. The primary hurdle for these organizations is translating the regulatory language into actionable, practical steps that meaningfully enhance their cybersecurity posture.