As developers, we're constantly juggling features, fixes, and deadlines. Yet, a lurking issue has been surprisingly overlooked: the continued use of vulnerable Log4j and Spring Framework versions in many projects. Despite the high-profile exposure of Log4Shell and Spring4Shell vulnerabilities, a shocking number of applications are still running on these ticking time bombs. This isn't just a minor oversight — it's a major risk.

The enterprise technology landscape has changed significantly, driven by the rapid adoption of cloud technologies, evolving IT infrastructures, and evolving exploitation activities. This transformation requires that organizations take an updated approach to vulnerability management—one that goes beyond the traditional focus on patch management to encompass a broader spectrum of risks.

After speaking to a wide spectrum of customers ranging from SMBs to enterprises, three things have become clear: Add that together, and we get Shadow AI. This refers to AI usage that is not known or visible to an organization’s IT and security teams. Shadow AI comes in many forms, but in this blog we’ll stick to a discussion of Shadow AI as it pertains to applications. Application security teams are well aware that AI models come with additional risk.

A Rubrik Zero Labs report found that 66% of IT and security leaders report that data growth outpaces their ability to secure data and mitigate risk. Adversaries are noticing, increasing the sophistication of cyberattacks, and leveraging gaps in coverage to target critical data for destruction, theft, or extortion. As the volume of data continues to grow and exacerbate visibility challenges, organizations must find ways to manage and protect their constantly expanding data.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Oh boy, what a trove for scammers. Really hope plugged before used…

In the ever-expanding world of cloud computing, one thing has become glaringly clear: identities are no longer just user profiles—they are the keys to the kingdom. As businesses race to harness the power of the cloud, they must also confront a growing menace: the risk posed by poorly managed identities. Imagine leaving your front door unlocked in a neighborhood known for break-ins — that’s what weak identity management is like in the cloud.

Read also: A money launderer for the Lazarus hackers arrested in Argentina, US offers $2.5M for the Angler hacker, and more.

In this article, we outline the main elements of DORA, as well as key recommendations for preparing effectively for this important new regulation.

Your Domain Name System (DNS) infrastructure enables users to connect to web-based resources by translating everyday language into IP addresses. Imagine going into a restaurant, in the age before the internet, only to find that the staff speaks and the menu is written in a different language from yours. Without some shared communication form, you can’t order dinner, and they can’t give you what you want.