Semgrep is a leading static application security testing (SAST) tool powered by an open-source community for surfacing bugs, discovering vulnerabilities, and enforcing code standards. Semgrep has scanned over 75 million packages, contributed to 2000 community rules, and supports over 30 coding languages. Riscosity is the leading data flow observability and security platform. This is why we’re excited to announce Ricosity’s new integration with Semgrep.

Over the past year, countless articles, predictions, prophecies and premonitions have been written about the risks of AI, with GenAI (Generative AI) and ChatGPT being in the center. Ranging from its ethics to far reaching societal and workforce implications (“No Mom, The Terminator isn’t becoming a reality… for now”). Cato security research and engineering was so fascinated about the prognostications and worries that we decided to examine the risks to business posed by ChatGPT.

Safeguarding classified information is paramount to the security of any nation and its allies. However, modern collaboration tools and devices have made protecting it more challenging without the proper guardrails. Understanding classified information handling requirements and the technologies that can help enforce these obligations are the keys to preventing unauthorised access, dissemination and exposure of classified information.

Third-party vendors, contractors, and partners are often an integral part of an organization’s operations. However, they can also pose significant security risks if not properly managed, with poor cybersecurity practices increasingly becoming a major contributing factor to supply chain disruptions. If your organization relies on third parties for anything, understanding and managing their risk should be at the top of your list.

This month, the Nightfall team has some exciting product enhancements to share with you, including an expansion of our secrets detectors as well as brand new APIs for automated workflows. Dive in to find out what we've been working on—as well as what's coming next.

Endpoints are critical to the success of cyber attacks. While the definition what an endpoint is, exactly, has shifted over time, the threat has remained the same: Threat actors need a device to spread malware, encrypt assets, and harvest application credentials — they need an endpoint.

This month's release rollup for product updates and enhancements includes Egnyte Sign, Rules-based Metadata, and iOS Image Markups. Below is a summary of these and other new releases. Visit the articles linked below for more details.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Patch time for WordPress users (when isn’t it?) using a popular caching plugin…

Cloudflare has been part of a multivendor, industry-wide effort to mitigate two critical DNSSEC vulnerabilities. These vulnerabilities exposed significant risks to critical infrastructures that provide DNS resolution services. Cloudflare provides DNS resolution for anyone to use for free with our public resolver 1.1.1.1 service. Mitigations for Cloudflare’s public resolver 1.1.1.1 service were applied before these vulnerabilities were disclosed publicly.

Read also: A hacker who stole data from 40 million license plates arrested in Spain, a former cop faces charges for hacking, and more.