
Latest News

Top 15 DevSecOps Tools that Accelerate Development

As developers, we’re constantly under pressure to innovate at speed. In 2022, 60% of developers who responded to a GitLab survey acknowledged that code is moving to production at an increasingly faster clip, up to five times faster than in previous years. But juggling tight deadlines with ever-evolving security threats is no joke. When prioritizing speed, unsafe code eventually slips into production.

Active Directory Dominance: Capitalising on IT Administrators' Poor Cyber Hygiene

Humans are the weakest link in cybersecurity, and it is inaccurate to say that IT administrators, who often have access to sensitive data and systems, are invulnerable. In this blog post, we demonstrate how a Red Team Operator achieved full Active Directory domain compromise as a result of an IT Administrator’s poor cyber hygiene.

Wi-Fi Security and Zero-Trust Network Architecture: Why You Need Both

In today's digital world, cyber threats are becoming increasingly sophisticated and harder to detect. Traditional security measures such as firewalls and VPNs are no longer enough to protect against ever-evolving threats. This is where zero-trust network architecture comes into play. In this blog post, we'll explore zero-trust network architecture and how it can work alongside Wi-Fi security to provide robust protection for your network.

[Eyes Wide Shut] Fed Powell's Call with Russian Pranksters Exposed as Social Engineering

It was all over the news. Fed's Jerome Powell was social engineered by Russian pranksters posing as Zelensky. According to video footage shown on Russian state television, Federal Reserve Chairman Jerome Powell unwittingly spoke with a duo of Russian pranksters who were pretending to be Ukrainian President Volodymyr Zelenskiy during a call. Powell provided responses to various questions about topics like inflation and the Russian central bank, believing that he was speaking with Zelenskiy.

Heart of the Matter: How LLMs Can Show Political Bias in Their Outputs

Wired just published an interesting story about political bias that can show up in LLMs due to their training. It is becoming clear that training an LLM to exhibit a certain bias is relatively easy. This is a reason for concern, because this can "reinforce entire ideologies, worldviews, truths and untruths", which is what OpenAI has been warning about.

Major update to Attack Surface Custom Policies

AppSec teams often struggle to either validate or scale their security policies, like enforcing security headers or removing risky technologies. This job is easier said than done, and teams are feeling the pinch. To address these challenges, we launched Attack Surface Custom Policies – a powerful feature built directly into Surface Monitoring that makes it possible to set, enforce, and scale customizable security policies so you can focus on the issues that matter most.

Software due diligence in M&A: Key considerations and risks

Software due diligence is crucial in M&A, but to approach it strategically you must understand its key considerations and risks. Mergers and acquisitions (M&As) can be a great way for companies to expand their offerings and market share. One of the biggest risk areas for M&A in tech deals is software that is plagued with vulnerabilities or contains open source license compliance issues.

From reactive to proactive: Leveraging vCISO solutions to elevate managed security services

The cybersecurity landscape is becoming increasingly complex and challenging for businesses of all sizes. As an MSP, you're well aware of the growing demand for comprehensive security and compliance solutions. With the right tools and strategies in place, you can help your clients navigate this complex landscape while unlocking new revenue streams for your business.

What's New in OWASP API Top 10 2023: The Latest Changes and Enhancements

As APIs continue to increase across industries, so too do the threats to their security. The OWASP API Top 10 list is an essential resource for businesses looking to secure their application programming interfaces. OWASP is best known for releasing the top 10 security risks and vulnerability lists for web apps, mobile apps, APIs, and so on, which are revised every four years to reflect the latest threats and risks affecting organizations globally.