Windows PowerShell and command prompt (CMD) are both essential command-line interface tools for Windows administrators, allowing them to execute commands, manage system processes and automate administrative tasks. While CMD has been a foundational component of Windows since the MS-DOS era, PowerShell has emerged as a more advanced and powerful scripting language, enhancing system management and automation capabilities.

As we approach the end of the year, many of us are reflecting on what we accomplished in 2024 — what did we do well this year? What could we have done better? It's also the perfect time to reflect on how to improve your team’s security practices. Have you been staying ahead of threats or have you let a few vulnerabilities slip through the cracks?

On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will show why we believe that it is almost impossible to exploit this vulnerability to achieve remote code execution in any real-world setup.

NIS 2 aims to enhance the security of networks and information systems in the EU. Its main goal is to level up the cybersecurity game across Europe. It requires organisations in critical sectors to take cybersecurity seriously. The transposition of the NIS2 Directive into national law by member states emphasizes the deadline for compliance and the implications for cybersecurity regulations within each country’s legal framework.

Banks and Insurance companies in New York are grappling with the complexities of 23 NYCRR Part 500, a challenging cybersecurity regulation that demands comprehensive and nuanced security measures. The primary hurdle for these organizations is translating the regulatory language into actionable, practical steps that meaningfully enhance their cybersecurity posture.

Gartner predicts that generative AI (GenAI) will become a critical workforce partner for 90% of companies by next year. In application development specifically, we see developers turning to code assistants like Github Copilot and Google Gemini Code Assist to help them build software at an unprecedented speed. But while GenAI can power new levels of productivity and speed, it also introduces new threats and challenges for application security teams.

The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.

In 2024, we shipped numerous features to help security teams manage their growing attack surface. Some examples are Domain Connectors for continuous discovery, a new Integrations platform for greater flexibility, and a Domains page for unprecedented control over attack surface data. Read on to explore our highlights of this year, check out the top vulnerabilities that made headlines, and discover what lies ahead in 2025.

On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications.

In the cyber security domain, the increase of cyber-attacks alongside the acceleration of businesses’ digital transformation, drive states to deploy a more ringent regulatory framework to protect data and establish a code of conduct for businesses. In this perspective, it is essential to view compliance as an integral component of the wider governance framework, which is grounded in international standards of an interconnected world that makes best use of already tested best practices.