Researchers recently found another Software Supply Chain issue in BoltDB, a popular database tool in the Go programming environment. The BoltDB Go Module was found backdoored and contained hidden malicious code. This version took advantage of how Go manages and caches its modules, allowing it to go unnoticed for several years. This backdoor allows hackers to remotely control infected computers through a server that sends them commands i.e. via a command and control server.

In the inaugural episode of the Security Matters podcast, host David Puner dives into the world of AI security with CyberArk Labs’ Principal Cyber Researcher, Eran Shimony. Discover how FuzzyAI is revolutionizing the protection of large language models (LLMs) by identifying vulnerabilities before attackers can exploit them. Learn about the challenges of securing generative AI and the innovative techniques used to stay ahead of threats.

Welcome back to our series on the evolution of scalper bots. So far, we have traced scalping from its early ticket resale roots to the rise of automated bots. We have explored the ongoing battle between bot developers and anti-bot defenses and examined how scalping evolved into a professionalized, multi-million-dollar industry. In our last post, we uncovered a hidden sub-market where traders aggressively bought, sold, and exchanged bot licenses just like the products they acquired.

A PowerShell function is a block of code designed to perform a specific task. Once a function is created and tested, it can be used in multiple scripts, reducing coding effort and risk of errors. Using well-named functions also makes scripts easier to read and maintain. And since functions can return values that can be used as input to other functions or code blocks, they facilitate building complex operations.

As of January 17, 2025, all financial entities and their information and communication technology (ICT) service providers catering to EU entities must comply with the Digital Operational Resilience Act (DORA). ‍ If you’re new to the regulation, you can reduce the potential overwhelm caused by its various requirements by using a concise compliance checklist. To help, we’ve created a robust guide that covers everything you should know, including: ‍

Last month, during testimony on global cyber threats before the U.S. Committee on Homeland Security, a longstanding debate resurfaced: Why do vendors name different cyber threat actors, and can’t we directly call out those responsible? Industry veterans will recognize that a discourse on this topic tends to pop up in vendor, media, and public policy circles every few years.

On January 16, 2025, an Executive Order 14144 was issued, aimed at strengthening the nation’s cybersecurity defenses. This order comes at a crucial time – during the fiscal year 2023, U.S. federal agencies reported over 32,000 cybersecurity incidents, reflecting a 5% increase from the previous year.

AI coding assistants like GitHub Copilot are transforming the way developers write software, boosting productivity, and accelerating development cycles. However, while these tools generate code more efficiently, they also introduce new risks more efficiently—potentially embedding security vulnerabilities that could lead to severe breaches down the line. What is your plan for reducing risk from the vast amount of insecure code coming through agentic AI in software development?

With modern businesses increasingly relying on multitenant and multicloud platforms, safeguarding critical data has never been more crucial. Backup as a Service (BaaS) offers a scalable, efficient way to protect valuable assets and ensure business continuity in the face of unexpected incidents.

What’s the difference between an unsupervised toddler with markers and an unsecured CI/CD pipeline? Both look fine at first, but chaos is inevitable. While a toddler might scribble on walls, an unsecured pipeline invites attackers to wreak havoc on your digital assets. Cleaning up after either is tough—prevention is smarter. The CrowdStrike 2024 report reveals that cloud-conscious intrusions skyrocketed by 110% in 2023.