According to the IBM Global AI Adoption Report, 82% of companies have already adopted or are exploring artificial intelligence (AI) solutions. However, with the rapid development of diverse AI-powered products and services, there’s been a growing need to establish regulatory frameworks for adopting AI responsibly. ‍

Today, I’m delighted to announce the release of Jit’s Context Engine, which uses the runtime context of vulnerabilities to automatically prioritize the top security risks in our customers’ cloud applications. One of the defining challenges of product security is the overwhelming volume of alerts generated by code and cloud security scanners, which is especially painful when the majority of “issues” don’t pose any real security risk.

I have created a comprehensive webinar, based on my recent book, “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. It contains everything that KnowBe4 and I know to defeat scammers. The evidence is clear – there is nothing most people and organizations can do to vastly lower cybersecurity risk than to mitigate social engineering attacks. Social engineering is involved in 70% to 90% of all successful attacks.

Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition covers an alleged data breach at Ticketmaster, a cyberattack on Synnovis affecting London hospitals, and a data breach disclosed by the BBC. The full reports are available to CYMON users. Request access here.

How many times can we say, “It’s been a busy week for the security industry,” before it becomes cliche? We recently discussed changes in the SIEM market, with mergers and acquisitions disrupting the traditional SIEM vendor landscape and XDR vendors introducing new SIEM solutions. This week, we continue to see a range of mixed messages from the market around the future of XDR and SIEM.

APIs are crucial for modern digital businesses because they allow different software systems to communicate and exchange data seamlessly and they are foundational to how modern applications are built. However, they are also vulnerable to cyberattacks because they are widely used. To address this growing threat, organizations are increasingly turning to API protection solutions to protect their valuable data and ensure uninterrupted business operations.

NIST has announced that it has filled the funding gap for the National Vulnerability Database (NVD) and hired a contractor to return it to its previous underwhelming state. What does that mean for us? Basically, The NVD is off life support, but we wouldn’t say it’s healthy. It’s more like “undead”.

The vendor risk management lifecycle (VRM lifecycle) is an end-to-end system that categorizes critical VRM or third-party risk management processes into three phases: vendor onboarding, ongoing risk management, and continuous monitoring.

Here at Ignyte, we’ve talked a lot about FedRAMP, the Federal Risk and Authorization Management Program. As you likely well know, FedRAMP is the federal government’s unified security standard, derived from NIST standardization documents and transformed into a framework to provide a cohesive idea of security across disparate government organizations and contractors. You might wonder, how does this work with state-level agencies and departments?

The healthcare sector is a top target of cyber criminals eager to steal sensitive data and extort high ransoms. The key to thwarting costly attacks is to understand that identity is the new security perimeter. By implementing robust identity and access management (IAM), healthcare organizations can significantly enhance their security and cyber resilience. This article explains the role of IAM in healthcare and details the most pressing IAM gaps to address.