In today’s digital age, as organizations modernize their applications and infrastructure by embracing hybrid cloud environments, API-centric architectures, and AI-driven technologies to enhance customer experiences and productivity, they also face an unprecedented increase in cyber threats aimed at disrupting their operations.

The majority of global organizations say they have been negatively impacted by a breach in their supply chain. In our latest survey, 81% of global organizations reported being negatively impacted by a third-party cyber breach.

Are You Testing for Compliance or Preparing for Real Attacks? Cybersecurity isn’t just about checking boxes—it’s about staying ahead of threats. Many businesses rely on Penetration Testing (Pentesting) and Red Teaming to identify vulnerabilities. However, these traditional methods often assume that attackers play by the same rules as defenders. Reality has other plans.

Nearly half (46%) of businesses observed an increase in deepfakes and generative AI-related fraud last year, a new report from AuthenticID has found. Additionally, phishing attempts increased by 76% in 2024, and more than 90% of cyberthreats were driven by social engineering. The report also noted a rise in workplace-related fraud, including employee impersonation and account takeover.

This article provides details on how Bitsight TRACE addressed CVE-2024-23897, an arbitrary file read vulnerability that affects Jenkins, a well-known open-source automation server. It includes technical details, common pitfalls, and decisions made since the CVE disclosure until now. The investigation of CVE-2024-23897 is an example of how we can obtain the target instance version but not solely rely on it to classify an instance as vulnerable. First, we go deep to understand the vulnerability.

Early in the cyberattack kill chain, reconnaissance enables attackers to assemble critical network information to plan a tailored attack strategy. In this phase, adversaries aim to map out networks and their users, and locate system vulnerabilities, without setting off alarms. Proactive monitoring and early detection of this activity can disrupt attackers in their tracks and lower the risk of a breach.

Recently, I started working with my children's school to enhance their online safety measures and develop a digital mindfulness course in collaboration with their digital literacy lead. This experience highlighted the fact that our schools are not only expected to provide safe places of learning but also extend that safety into the digital spaces.

The Digital Operational Resilience Act (DORA) is a landmark regulation designed to enhance the digital resilience of financial institutions in the EU. Effective from January 17, 2025, DORA mandates the development and maintenance of a robust ICT risk management framework. Here’s an overview of the five pillars and how the right software security measures can help you comply.