Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Bitsight TRACE Systematic Approach: CVE-2024-23897 as a Case Study

This article provides details on how Bitsight TRACE addressed CVE-2024-23897, an arbitrary file read vulnerability that affects Jenkins, a well-known open-source automation server. It includes technical details, common pitfalls, and the decisions made from the CVE disclosure until now. The investigation of CVE-2024-23897 is an example of how we can obtain the target instance version without relying solely on it to classify an instance as vulnerable. First, we go deep to understand the vulnerability.

From Firewalls to Digital Well-Being: A Whole-School Approach to Online Safety

Recently, I started working with my children's school to enhance their online safety measures and develop a digital mindfulness course in collaboration with their digital literacy lead. This experience highlighted the fact that our schools are not only expected to provide safe places of learning but also extend that safety into the digital spaces.

What is Berachain and Proof of Liquidity?

Berachain is a novel blockchain created to solve consensus mechanism incentive misalignment. For traditional Proof of Stake (PoS) blockchains, users have to lock their assets in order to participate in the security model and earn staking rewards. This results in incentive misalignment as the projects building on these blockchains want activity and volumes – this competes with the native security mechanism of staking which requires assets to be locked up.

Cloud Security Automation with Torq + Sweet Security

For security teams, resolving a cloud incident takes an average of 10 days — time attackers can exploit to cause further damage. The problem? SOCs often lack the context and cloud security automation they need to respond faster. That’s where the partnership between Torq and Sweet Security changes the game.

From Regulation to Reality: DORA Compliance and What It Means for Your Software Security

The Digital Operational Resilience Act (DORA) is a landmark regulation designed to enhance the digital resilience of financial institutions in the EU. Effective from January 17, 2025, DORA mandates the development and maintenance of a robust ICT risk management framework. Here’s an overview of the five pillars and how the right software security measures can help you comply.

Astra Security Raises Funding to Simplify Cybersecurity with AI-driven Pentesting!

Since 2018, Astra has been at the forefront of proactive cybersecurity. Trusted by over 800 global organizations in 70+ countries, we’ve conducted over 3,000 pentests and reported 2 million+ vulnerabilities. Combining automation with nearly half a century of collective human expertise makes Astra security more intuitive, accessible, and effective. Last year, our AI-powered pentest platform uncovered nearly 5,500 vulnerabilities per day.

Caught in the Act: CrowdStrike's New ML-Powered LDAP Reconnaissance Detections

Early in the cyberattack kill chain, reconnaissance enables attackers to assemble critical network information to plan a tailored attack strategy. In this phase, adversaries aim to map out networks and their users, and locate system vulnerabilities, without setting off alarms. Proactive monitoring and early detection of this activity can disrupt attackers in their tracks and lower the risk of a breach.

7 Steps towards Improving Cyber Resilience for Companies in 2025

Nowadays, most aspects of business are digitalized and it’s essential to ensure your company is cyber resilient. Just as you've struggled to weather the ups and downs of the market, it's time to protect sensitive data and confidential information from increasingly sophisticated threats. With an average of 75,520 attacks per day, according to WatchGuard's threat landscape, it is clear that enterprises must go beyond detection and response.

8 Cloud Data Backup Best Practices To Protect Business Data

Unfortunately, storing, saving, and backing up our files is not a 100% guarantee that our files will remain secure forever. We may accidentally delete our accounts, forget passwords to old backups, or worse, experience data loss due to corruption, hardware failure, or cyberattacks. It’s not just our personal files that we must keep in mind.