
Latest News

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine

The JFrog Security Research team has recently discovered and reported an access token with administrator access to the GitHub repositories of Python, PyPI and the Python Software Foundation. The token was leaked in a public Docker container hosted on Docker Hub.

Hear It Now: G2 Summer '24 Reports

There is a lot to keep track of these days. Organizations face an array of challenges that can hit anywhere on the spectrum from the mundane to the existential. Heightened security concerns affect how tightly you control user access. The proliferation of devices adds complexity and bloat to your management stack. And almost every organization, regardless of size, is expanding its distributed workforce across global time zones and native languages. Getting this right falls to you as well.

RADIUS/UDP vulnerable to improved MD5 collision attack

The MD5 cryptographic hash function was first broken in 2004, when researchers demonstrated the first MD5 collision, namely two different messages X1 and X2 where MD5(X1) = MD5(X2). Over the years, attacks on MD5 have only continued to improve, getting faster and more effective against real protocols. But despite continuous advancements in cryptography, MD5 has lurked in network protocols for years, and is still playing a critical role in some protocols even today.

Securing non-human identities in hybrid environments

Securing non-human identities is just as critical as managing human ones in today's complex IT landscapes. Non-human identities, such as service accounts, application identities, and IoT devices, play pivotal roles in automation and system integration. Managing these identities in hybrid environments, where on-premises Active Directory (AD) integrates with cloud-based Entra ID (formerly Azure AD), presents unique challenges.

Network Isolation for DynamoDB with VPC Endpoint

DynamoDB is a fully managed NoSQL database service offered by Amazon Web Services (AWS). It is renowned for its scalability, dependability, and easy connection with other AWS services. Notwithstanding its manifold advantages, organizations continue to place a high premium on guaranteeing the security of data stored in DynamoDB. By default, DynamoDB can be accessed over the public network using HTTPS, ensuring secure communication with SSL/TLS encryption.

Stay Ahead of Cyber Threats This Summer

Summertime often means vacation time—a chance to rest, relax, and dive into some good reading. But for those of us in cybersecurity, truly disconnecting can be a challenge. It’s crucial to stay updated on the latest news and developments within the industry. To help you keep up, we’ve compiled a list of “must-read” cybersecurity content to add to your summer reading list. Here are our top picks for the first half of 2024, complete with a brief summary of each.

Introducing the Styra DAS Terraform Provider

Gartner projects that by 2026, 80% of software engineering organizations will have established platform engineering teams. The vision of platform engineering is ambitious: to empower developers with all the flexibility they need while minimizing complexity. This approach has already transformed infrastructure, deployment, data analytics, encryption management, authentication, and more.

3 trends shaping the future of GRC and how to adapt today

For many teams, managing governance, risk, and compliance (GRC) is still a very manual process. As a security leader, you might be wondering how to future-proof and scale your GRC program when so much of your team’s time is spent on collecting screenshots or copying and pasting information from one spreadsheet to another. The future of GRC management doesn’t have to be more of the same though.

Building a Robust Defense-in-Depth Architecture for Digital Transformation

Today's businesses are transforming through integrating IT and OT environments, a shift that's enhancing efficiency and unlocking new operational capabilities. Key functionalities like remote access and telemetry collection are becoming increasingly central in this digitally integrated landscape.